16 matches found
CVE-2022-23474
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
EUVD-2024-2515
Malicious code in bioql PyPI...
CVE-2023-41167
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...
Editor.js vulnerable to Code Injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
GHSA-6MVJ-2569-3MCM Editor.js vulnerable to Code Injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
Design/Logic Flaw
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...
CVE-2023-41167
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...
GHSA-3X59-VRMC-5MX6 @webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Overview: @webiny/react-rich-text-renderer is a React component to render data coming from Webiny Headless CMS and Webiny Form Builder. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the...
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Overview: @webiny/react-rich-text-renderer is a React component to render data coming from Webiny Headless CMS and Webiny Form Builder. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the...
CVE-2022-23474
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
Code injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
CVE-2022-23474 editor.js contains Code Injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
CVE-2022-23474 editor.js contains Code Injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
CVE-2022-23474 editor.js contains Code Injection
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0...
CVE-2022-23474
Editor.js (block-style editor) vulnerable before 2.26.0 due to Code Injection via pasted input. Root cause: processHTML passes pasted input into the wrapper’s innerHTML. Patched in 2.26.0. Public references cover this CVE across multiple sources; one connected record notes a PoC/exploitation deta...
Editor.js cross-site scripting vulnerability
Editor.js is a CodeX open source block style editor with clean JSON output. A cross-site scripting vulnerability exists in Editor.js versions prior to 2.26.0, which stems from easy code injection via pasted input, where the processHTML method passes pasted input to the innerHTML of the wrapper...