@a-type/ui (>=0.8.17 <=1.2.3), @adminjs/design-system (>=3.0.0 <=3.1.1) +402 more potentially affected by unknown CVE via prosemirror-model (>=1.0.1 <=1.21.3)

prosemirror-model NPM version =1.0.1, =0.8.17, =3.0.0, =0.1.0, =0.0.1, =13.1.0, =10.4.0, =0.0.2, =3.0.0, =16.0.0, =0.0.1, =7.0.0, =47.0.0, =8.0.0, =126.0.0, =194.4.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-PROSEMIRRORMODEL-7838221...

Cross-site Scripting (XSS)

Overview prosemirror-model is a ProseMirror's document model Affected versions of this package are vulnerable to Cross-site Scripting XSS due to serializeNodeInner and serializeMark functions that put a value from an attribute directly in an array used to describe a DOM structure and not fully...