EUVD-2025-9707

Malicious code in bioql PyPI...

Cross-Site Scripting (XSS)

react-draft-wysiwyg is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization or escaping of user-provided data in the Embedded button functionality, allowing malicious payloads to be executed when the data is saved in the tag...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

GHSA-FQ5X-7292-2P5R React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

CVE-2025-3191

CVE-2025-3191 affects the JavaScript WYSIWYG editor package react-draft-wysiwyg . The vulnerability is an XSS via the Embedded button, with the payload stored in the tag, enabling execution of malicious script in the user’s browser. Affected versions are described by PT-2025-14838 as 3.1 and ear...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

react-draft-wysiwyg 安全漏洞

react-draft-wysiwyg is a WYSIWYG editor built on ReactJS and DraftJS by the individual developer Jyoti Puri. A security vulnerability exists in react-draft-wysiwyg, which stems from a cross-site scripting attack via the Embedded button...

PT-2025-14838 · Unknown · React-Draft-Wysiwyg

Name of the Vulnerable Software and Affected Versions: react-draft-wysiwyg versions 3.1 and earlier Description: The issue is related to Cross-site Scripting XSS via the Embedded button, which results in saving the payload in the iframe tag. This allows attackers to exploit the vulnerability...

Cross-site Scripting (XSS)

Overview org.webjars.npm:react-draft-wysiwyg is an A wysiwyg on top of DraftJS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag. Details Cross-site scripting or XSS is a code vulnerability...

Cross-site Scripting (XSS)

Overview react-draft-wysiwyg is an A wysiwyg on top of DraftJS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag. Details Cross-site scripting or XSS is a code vulnerability that occurs whe...