3 matches found
@bidvine/react-summernote (=2.0.2), @uday_test/wm_codegen_angular_app (=0.0.0) +14 more potentially affected by CVE-2024-29504 via summernote (>=0.5.9 <=0.8.18)
summernote NPM version =0.5.9, =1.0.2, =4.8.14, =4.9.23, =4.9.23, =4.9.23, =4.9.23, =5.0.6, =1.0.0, =0.0.1, =1.2.1 - wm-ng-webcomponent =1.0.1 and more Source cves: CVE-2024-29504 Source advisory: OSV:GHSA-4WH3-3WF2-39M9...
CVE-2024-29504
Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter...
CVE-2024-29504
CVE-2024-29504 affects Summernote up to v0.8.18 (and earlier). The root cause described across connected sources is improper sanitization of the codeview parameter, leading to Cross Site Scripting (XSS) that can allow execution of arbitrary JavaScript in the context of the affected page. Impact d...