26 matches found
CVE-2021-31712
react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...
CVE-2021-31712
react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...
Cross site scripting
react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...
CVE-2021-31712
react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...
CVE-2021-31712
React Draft Wysiwyg (react-draft-wysiwyg) prior to 1.14.6 is vulnerable to XSS via a javascript: URI in a Link Target within decorators/Link/index.js when a draft is shared across users. The issue is documented across multiple feeds (including CVE-2021-31712 entries and Red Hat/Veracode advisorie...
react-draft-wysiwyg 跨站脚本漏洞
react-draft-wysiwyg is an application. Wysiwyg editor built with ReactJS and DraftJS libraries. A cross-site scripting vulnerability exists in react-draft-wysiwyg versions prior to 1.14.6, which stems from allowing a javascript: URi in decorators/Link/index.js...