12 matches found
CVE-2023-34245
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...
CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs
Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...
CVE-2024-47061
The CVE-2024-47061 issue affects Plate editors using @udecode/plate-core, where arbitrary DOM attributes can be injected via nodeProps (often from the attributes property), enabling cross-site scripting (XSS) and potential information exposure (e.g., user IPs and whether a malicious document is o...
@12joan/plate-tabbable (=19.4.0), @antv/narrative-text-editor (>=0.1.1 <=0.2.20) +173 more potentially affected by CVE-2024-47061 via @udecode/plate-core (>=10.0.0 <=21.5.0)
@udecode/plate-core NPM version =10.0.0, =0.1.1, =1.0.103, =1.3.0, =2.19.0, =1.0.1, =0.1.49, =0.0.1, =0.0.7, =0.0.1, =0.0.1, =0.0.3, =0.10.0, =0.11.0 and more Source cves: CVE-2024-47061 Source advisory: OSV:GHSA-73RG-F94J-XVHX...
CVE-2024-40631 Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media
Plate media is an open source, rich-text editor for React. Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and consume...
CVE-2024-40631 Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media
Plate media is an open source, rich-text editor for React. Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and consume...
Cross Site Scripting (XSS)
@udecode/plate-link is vulnerable to Cross Site Scripting XSS. The vulnerability exists because it does not properly validate url's, which allows an attacker to inject malicious JavaScript script into the system...
CVE-2023-34245
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
CVE-2023-34245 Cross site scripting (XSS) in @udecode/plate-link
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
CVE-2023-34245 Cross site scripting (XSS) in @udecode/plate-link
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
CVE-2023-34245
The CVE-2023-34245 issue affects @udecode/plate-link, the link handler for the Plate editor (Slate/React). Affected versions allow JavaScript: URLs to be rendered into the DOM due to inadequate URL sanitization, enabling potential XSS through links inserted by various means. The patch in plate-li...