23 matches found
360shitu (=0.1.0), @7revor/item-schema-sdk (=0.0.0) +938 more potentially affected by unknown CVE via wangeditor (>=2.1.23 <=4.7.9)
wangeditor NPM version =2.1.23, =1.0.27, =1.0.11, =3.1.3, =1.0.8, =0.1.8, =3.4.0-cg.1, =1.0.0, =0.0.22, =0.0.4-alpha.0, =0.0.1, =0.0.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G7MW-5CQ6-FV82...
Cross-Site Scripting
Overview All versions of wangeditor are vulnerable to Cross-Site Scripting. The package fails to properly encode output, allowing arbitrary JavaScript to be inserted in links and executed by browsers. Recommendation No fix is currently available. Consider using an alternative module until a fix i...
Cross-site Scripting (XSS)
wangeditor is vulnerable to cross-site scripting XSS. It provides the function to upload images via url links, making it vulnerable to cross-site scripting...