2 matches found
@advinow-medical/core (>=1.0.20 <=1.1.77), @afconsult/apollo-comments (>=1.0.0 <=1.0.9) +60 more potentially affected by CVE-2023-26149 via quill-mention (>=0.2.7 <=3.4.1)
quill-mention NPM version =0.2.7, =1.0.20, =1.0.0, =0.0.3, =0.16.9, =0.4.10, =5.4.0, =0.0.2, =0.1.3, =1.0.0, =1.0.2, =0.1.1, =0.0.9-9.1, =1.9.0, =3.5.0, =5.10.5 and more Source cves: CVE-2023-26149 Source advisory: OSV:GHSA-JGW5-RP4P-QHP6...
CVE-2023-26149
CVE-2023-26149 affects quill-mention before 4.0.0 with XSS risk due to improper user-input sanitization in renderList. The issue arises when the mentions list uses unsafe user-sourced data, enabling injection when a Quill user types @. The vulnerability is documented across multiple feeds (Red Ha...