5 matches found
GHSA-M5JF-8CRM-R65M Vditor allows Cross-site Scripting via an attribute of an `A` element
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...
Vditor allows Cross-site Scripting via an attribute of an `A` element
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...
PT-2024-25903 · Vditor · Vditor
Name of the Vulnerable Software and Affected Versions: Vditor version 3.10.3 Description: The issue allows XSS via an attribute of an A element. The vendor indicates that a user is supposed to mitigate this via sanitize=true. Recommendations: For Vditor version 3.10.3, to mitigate the issue, set...
CVE-2024-34449
CVE-2024-34449 affects Vditor 3.10.3, with XSS via an attribute of an A element. The underlying issue is insufficient sanitization; vendor guidance is to mitigate by enabling sanitize=true. CVSS 3.1 base score 6.1 (Network attack, low complexity, no privilege, user interaction required, scope cha...
GHSA-32VW-R77C-GM67 Withdrawn Advisory: marked cross-site scripting vulnerability
Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even when sanitize:true is set...