4 matches found
@alfresco/adf-core (>=4.12.0-35591 <=6.0.0-A.1-github-run-3758819331), @bigbossstudio/strapi-plugin-editorjs (>=0.0.1 <=0.0.4) +44 more potentially affected by CVE-2022-23474 via @editorjs/editorjs (>=2.15.1 <=2.25.0)
@editorjs/editorjs NPM version =2.15.1, =4.12.0-35591, =0.0.1, =1.1.3, =1.1.7, =1.0.2, =0.0.0-ee-vpcs.549378cf03, =0.0.0-ee-vpcs.549378cf03, =0.0.0-ee-vpcs.549378cf03, =0.0.0-ee-vpcs.549378cf03, =0.0.0-ee-vpcs.549378cf03, =0.0.0-unstable.1e66d121db, =0.0.0-ee-vpcs.549378cf03,...
CVE-2022-23474
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
CVE-2022-23474 editor.js contains Code Injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
CVE-2022-23474
Editor.js (block-style editor) vulnerable before 2.26.0 due to Code Injection via pasted input. Root cause: processHTML passes pasted input into the wrapper’s innerHTML. Patched in 2.26.0. Public references cover this CVE across multiple sources; one connected record notes a PoC/exploitation deta...