6 matches found
CVE-2022-0341
CVE-2022-0341: A stored XSS vulnerability in vanessa219/vditor prior to 3.8.12. Public sources (CNVD/CNNVD) attribute the issue to lack of data validation/filtering of user-supplied/output data, allowing injected JavaScript in the browser. Affected software is the vditor editor (web-based Markdow...
CVE-2022-0350
CVE-2022-0350 describes a Stored XSS in vanessa219/vditor prior to 3.8.13. The vulnerability arises when a URL value is used for a link via Markdown syntax without proper cleanup, allowing injected scripts to execute in the context of the user. Affected component: the vditor editor (GitHub reposi...
CVE-2021-4103
CVE-2021-4103 is an XSS in vanessa219/vditor prior to 1.0.34 (stored XSS). Multiple sources (NVD, OSV, Red Hat, CNVD, GHSA) confirm cross-site scripting risk in the vditor editor. Affected component: vditor (JavaScript library). Impact: execution of arbitrary client-side scripts in the context of...
CVE-2021-32855
The CVE-2021-32855 entry concerns Vditor, a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS) where an attacker must lure a user into pasting a malicious payload into the editor. The vulnerability is mitigated in version 3.8.7, which con...
CVE-2024-34449
CVE-2024-34449 affects Vditor 3.10.3, with XSS via an attribute of an A element. The underlying issue is insufficient sanitization; vendor guidance is to mitigate by enabling sanitize=true. CVSS 3.1 base score 6.1 (Network attack, low complexity, no privilege, user interaction required, scope cha...
CVE-2024-39150
vditor, version 3.9.8 and earlier, is vulnerable to an Arbitrary file read via a crafted data packet. The issue is confirmed across multiple sources (NVD/Red Hat/CVE ecosystem). Affected component: vditor (frontend/Markdown editor). Root cause details are not explicitly provided in the extracted ...