11 matches found
Cross-site Scripting (XSS)
grapesjs is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization of the class name in ClassTagView.ts when it is added to the selector manager, allowing an attacker to inject and execute malicious JavaScript...
GHSA-589F-C66P-HXR4 grapesjs before 0.19.5 vulnerable to Cross-site Scripting
The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager...
grapesjs before 0.19.5 vulnerable to Cross-site Scripting
The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager...
CVE-2022-21802
The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager...
CVE-2022-21802
The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager...
CVE-2022-21802 Cross-site Scripting (XSS)
The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager...
grapesjs Cross-site Scripting Vulnerability
grapesjs is a free and open source Web Builder framework by Artur Arseniev (individual developer, Italy). It helps to build HTML templates faster and more easily for delivery in websites, newsletters or mobile applications. A security vulnerability exists in grapesjs versions prior to 0.19.5,...
CVE-2022-21802
The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager...
Cross-site Scripting (XSS)
oro/commerce is vulnerable to cross-site scripting. The vulnerability exists through the grapesjs dependency used in the library, which does not properly validate the class name in ClassTagView.ts when it is added to the selector manager, allowing an attacker to inject and execute malicious JavaScript...
OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
Impact: Due to insufficient class name validation in the GrapeJS library, it's possible to add executable JS code in a class name through Selector Manager. Relates to: https://github.com/artf/grapesjs/issues/4411. Patch: Update GrapeJS dependency to =v0.19.5...
Cross-site Scripting (XSS)
Overview: grapesjs is a web builder framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a...