Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2024/08/05 9:18 p.m.20 views

@alfresco/adf-core (>=4.12.0-35591 <=6.0.0-A.1-github-run-3758819331), @bigbossstudio/strapi-plugin-editorjs (>=0.0.1 <=0.0.4) +44 more potentially affected by CVE-2022-23474 via @editorjs/editorjs (>=2.15.1 <=2.25.0)

@editorjs/editorjs NPM version =2.15.1, =4.12.0-35591, =0.0.1, =1.1.3, =1.1.7, =1.0.2, =0.0.0-ee-vpcs.549378cf03, =0.0.0-ee-vpcs.549378cf03, =0.0.0-ee-vpcs.549378cf03, =0.0.0-ee-vpcs.549378cf03, =0.0.0-ee-vpcs.549378cf03, =0.0.0-unstable.1e66d121db, =0.0.0-ee-vpcs.549378cf03,...

6.1CVSS6.3AI score0.00533EPSS
Exploits1
NVD
NVD
added 2022/12/15 7:15 p.m.43 views

CVE-2022-23474

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

6.1CVSS0.00533EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/12/15 2:8 a.m.50 views

CVE-2022-23474 editor.js contains Code Injection

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...

6.1CVSS6.6AI score0.00533EPSS
Exploits1References2
CVE
CVE
added 2022/12/15 2:8 a.m.81 views

CVE-2022-23474

Editor.js (block-style editor) vulnerable before 2.26.0 due to Code Injection via pasted input. Root cause: processHTML passes pasted input into the wrapper’s innerHTML. Patched in 2.26.0. Public references cover this CVE across multiple sources; one connected record notes a PoC/exploitation deta...

6.1CVSS6.3AI score0.00533EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder