
4915 matches found

OSV
added 2025/04/07 2:59 a.m. · 5 views

MAL-2025-3142 Malicious code in arno-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09b3072a4a914ee5e85596d8f9a01d42ed0596c24aa05bc664e85067c41cbd3a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
RedhatCVE
added 2025/04/06 5:25 a.m. · 18 views

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

6.1 CVSS · 6.1 AI score · 0.00214 EPSS
Exploits 0 · References 1
OSV
added 2025/04/04 6:34 a.m. · 0 views

GHSA-FQ5X-7292-2P5R React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

6.1 CVSS · 5.9 AI score · 0.00214 EPSS
Exploits 0 · References 4
vulnersOsv
added 2025/04/04 6:34 a.m. · 8 views

@1kit/react (>=0.0.74 <=0.0.149), @1kit/ui (>=0.0.14 <=0.0.90) +763 more potentially affected by CVE-2025-3191 via react-draft-wysiwyg (>=1.10.0 <=1.15.0)

react-draft-wysiwyg NPM version =1.10.0, =0.0.74, =0.0.14, =1.0.7, =0.2.2, =1.0.0, =0.0.5, =0.1.2, =1.0.2, =1.0.0, =0.0.1, =1.0.2, =2.0.54, =2.3.26 and more Source cves: CVE-2025-3191 Source advisory: OSV:GHSA-FQ5X-7292-2P5R...

6.1 CVSS · 5.4 AI score · 0.00214 EPSS
Exploits 0
Github Security Blog
added 2025/04/04 6:34 a.m. · 30 views

React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

6.1 CVSS · 6.2 AI score · 0.00214 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/04/04 5:15 a.m. · 23 views

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

6.1 CVSS · 0.00214 EPSS
Exploits 0 · References 2
CVE
added 2025/04/04 5:0 a.m. · 68 views

CVE-2025-3191

CVE-2025-3191 affects the JavaScript WYSIWYG editor package react-draft-wysiwyg. The vulnerability is an XSS via the Embedded button, with the payload stored in the tag, enabling execution of malicious script in the user’s browser. Affected versions are described by PT-2025-14838 as 3.1 and ear...

6.1 CVSS · 6.3 AI score · 0.00214 EPSS
Exploits 0 · References 2
Cvelist
added 2025/04/04 5:0 a.m. · 15 views

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

6.1 CVSS · 0.00214 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/04/04 5:0 a.m. · 6 views

CVE-2025-3191

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting XSS via the Embedded button which will then result in saving the payload in the tag...

6.1 CVSS · 6.3 AI score · 0.00214 EPSS
Exploits 0 · References 2
CNNVD
added 2025/04/04 12:0 a.m. · 3 views

react-draft-wysiwyg security vulnerability

react-draft-wysiwyg is a WYSIWYG editor built on ReactJS and DraftJS by the individual developer Jyoti Puri. A security vulnerability exists in react-draft-wysiwyg, which stems from a cross-site scripting attack via the Embedded button...

6.1 CVSS · 6 AI score · 0.00214 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/04/04 12:0 a.m. · 8 views

PT-2025-14838 · Unknown · React-Draft-Wysiwyg

Name of the Vulnerable Software and Affected Versions: react-draft-wysiwyg versions 3.1 and earlier Description: The issue is related to Cross-site Scripting XSS via the Embedded button, which results in saving the payload in the iframe tag. This allows attackers to exploit the vulnerability...

6.1 CVSS · 5.5 AI score · 0.00214 EPSS
Exploits 0 · References 8
RedhatCVE
added 2025/04/03 6:30 p.m. · 17 views

CVE-2025-31137

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5 CVSS · 7.1 AI score · 0.01128 EPSS
Exploits 0 · References 1
OSSF Malicious Packages
added 2025/04/02 6:42 a.m. · 4 views

Malicious code in niji-react-textarea (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db947d966d8d0b7be248b2cc89616fdf14c8a5f7b2d6c7ca11dbfebe6e851914 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/04/02 6:42 a.m. · 4 views

Malicious code in niji-react-collapsible (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 45517acf73604f16c7460249b78bcf46b0da5988629d8b62e6abc9551f349eac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/04/02 6:42 a.m. · 4 views

Malicious code in niji-react-switch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b24fa24fa460419a699b1ade3246daeaff2282d1f49a2afbfff84dda7c8d8c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/04/02 6:42 a.m. · 4 views

Malicious code in niji-react-alert (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 131b1e825df158dacd4bb111ea02f0cf4a2c4374c18c8466ee2ad1e3bcb1b927 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/04/02 6:42 a.m. · 4 views

Malicious code in niji-react-prettybytes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 572b7b0cfab3e7ae5f10e6653440bf2e9d094c7ca66110eef06083fcc94840e9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/04/02 6:42 a.m. · 7 views

Malicious code in niji-react-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6b0f37153a7862a4b1e5abd871385e93b6535a8bb834f03fc9bb83b9e7be6640 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3
OSV
added 2025/04/02 6:42 a.m. · 3 views

MAL-2025-3080 Malicious code in niji-react-switch (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4b24fa24fa460419a699b1ade3246daeaff2282d1f49a2afbfff84dda7c8d8c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 3
OSSF Malicious Packages
added 2025/04/02 6:42 a.m. · 4 views

Malicious code in niji-react-select (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17dc01f92bc84168459b0c07238c88fe320f39e19f59414a938a8ef55226045e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 · References 3