Lucene search
+L

4 matches found

OSV
OSV
added 2020/09/11 9:19 p.m.9 views

GHSA-J8R2-2X94-2Q67 Cross-Site Scripting in diagram-js-direct-editing

Versions of diagram-js-direct-editing prior to 1.4.3 are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.3 or later...

7.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2020/09/11 9:19 p.m.12 views

Cross-Site Scripting in diagram-js-direct-editing

Versions of diagram-js-direct-editing prior to 1.4.3 are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.3 or later...

5.2AI score
Exploits0References3Affected Software1
Veracode
Veracode
added 2019/06/21 7:22 a.m.8 views

Cross-Site Scripting (XSS)

diagram-js-direct-editing is vulnerable to cross-site scripting. The vulnerability exists due to lack of sanitization when pasting HTML code from user's clipboard into the edit box which allows remote attackers to inject and execute arbitrary javascript...

6.9AI score
Exploits0
Node.js
Node.js
added 2019/06/17 9:49 p.m.21 views

Cross-Site Scripting

Overview Versions of diagram-js-direct-editing prior to 1.4.3 are vulnerable to Cross-Site Scripting. The package fails to sanitize input from the clipboard, allowing attackers to execute arbitrary JavaScript in the victim's browser. Recommendation Upgrade to version 1.4.3 or later. References -...

7.3AI score
Exploits0Affected Software1
Rows per page
Query Builder