CVE-2021-31712

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

EUVD-2021-1166

Malware in sbrugna...

EUVD-2025-9707

Malicious code in bioql PyPI...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

@1kit/react (>=0.0.74 <=0.0.149), @1kit/ui (>=0.0.14 <=0.0.90) +762 more potentially affected by CVE-2025-3191 via react-draft-wysiwyg (>=1.10.0 <=1.15.0)

react-draft-wysiwyg NPM version =1.10.0, =0.0.74, =0.0.14, =1.0.7, =0.2.2, =1.0.0, =0.0.5, =0.1.2, =1.0.2, =1.0.0, =0.0.1, =1.0.2, =2.0.54, =2.3.26 and more Source cves: CVE-2025-3191 Source advisory: OSV:GHSA-FQ5X-7292-2P5R...

React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

GHSA-FQ5X-7292-2P5R React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

CVE-2025-3191

CVE-2025-3191 affects the JavaScript WYSIWYG editor package react-draft-wysiwyg . The vulnerability is an XSS via the Embedded button, with the payload stored in the tag, enabling execution of malicious script in the user’s browser. Affected versions are described by PT-2025-14838 as 3.1 and ear...

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

react-draft-wysiwyg 安全漏洞

react-draft-wysiwyg is a WYSIWYG editor built on ReactJS and DraftJS by the individual developer Jyoti Puri. A security vulnerability exists in react-draft-wysiwyg, which stems from a cross-site scripting attack via the Embedded button...

PT-2025-14838 · Unknown · React-Draft-Wysiwyg

Name of the Vulnerable Software and Affected Versions: react-draft-wysiwyg versions 3.1 and earlier Description: The issue is related to Cross-site Scripting XSS via the Embedded button, which results in saving the payload in the iframe tag. This allows attackers to exploit the vulnerability...

@1kit/react (>=0.0.74 <=0.0.149), @1kit/ui (>=0.0.14 <=0.0.90) +762 more potentially affected by CVE-2025-3191 via react-draft-wysiwyg (>=1.10.0 <=1.15.0)

react-draft-wysiwyg NPM version =1.10.0, =0.0.74, =0.0.14, =1.0.7, =0.2.2, =1.0.0, =0.0.5, =0.1.2, =1.0.2, =1.0.0, =0.0.1, =1.0.2, =2.0.54, =2.3.26 and more Source cves: CVE-2025-3191 Source advisory: SNYK:JS-REACTDRAFTWYSIWYG-8515884...

Cross-site Scripting (XSS)

Overview org.webjars.npm:react-draft-wysiwyg is an A wysiwyg on top of DraftJS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag. Details Cross-site scripting or XSS is a code vulnerability...

Cross-site Scripting (XSS)

Overview react-draft-wysiwyg is an A wysiwyg on top of DraftJS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag. Details Cross-site scripting or XSS is a code vulnerability that occurs whe...

Cross-Site Scripting

Overview react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS. Recommendation Upgrade to version 1.14.6 or later References - CVE - GitHub Advisory...

@1studio/ui (>=1.0.7 <=2.83.0), @cloudacademy/integrations (>=0.0.2 <=0.0.15) +51 more potentially affected by CVE-2021-31712 via react-draft-wysiwyg (>=1.10.0 <=1.14.5)

react-draft-wysiwyg NPM version =1.10.0, =1.0.7, =0.0.2, =2.1.15, =0.1.0, =1.0.0, =1.0.0, =0.1.1, =0.1.5, =0.8.6, =0.0.15, =2.1.19, =1.0.0, =0.10.5, =0.0.8, =0.2.5 and more Source cves: CVE-2021-31712 Source advisory: OSV:GHSA-QCG2-H349-VWM3...

GHSA-QCG2-H349-VWM3 Cross-site Scripting in React Draft Wysiwyg

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

Cross-site Scripting in React Draft Wysiwyg

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...