Lucene search
K
B3logVditor

6 matches found

CVE
CVE
added 2022/03/14 4:10 a.m.107 views

CVE-2022-0341

CVE-2022-0341: A stored XSS vulnerability in vanessa219/vditor prior to 3.8.12. Public sources (CNVD/CNNVD) attribute the issue to lack of data validation/filtering of user-supplied/output data, allowing injected JavaScript in the browser. Affected software is the vditor editor (web-based Markdow...

6.6CVSS5.3AI score0.00464EPSS
CVE
CVE
added 2022/03/31 3:15 p.m.103 views

CVE-2022-0350

CVE-2022-0350 describes a Stored XSS in vanessa219/vditor prior to 3.8.13. The vulnerability arises when a URL value is used for a link via Markdown syntax without proper cleanup, allowing injected scripts to execute in the context of the user. Affected component: the vditor editor (GitHub reposi...

6.1CVSS5.4AI score0.00538EPSS
CVE
CVE
added 2022/01/23 1:45 a.m.75 views

CVE-2021-4103

CVE-2021-4103 is an XSS in vanessa219/vditor prior to 1.0.34 (stored XSS). Multiple sources (NVD, OSV, Red Hat, CNVD, GHSA) confirm cross-site scripting risk in the vditor editor. Affected component: vditor (JavaScript library). Impact: execution of arbitrary client-side scripts in the context of...

6.8CVSS5.3AI score0.00664EPSS
CVE
CVE
added 2023/02/20 12:0 a.m.69 views

CVE-2021-32855

The CVE-2021-32855 entry concerns Vditor, a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS) where an attacker must lure a user into pasting a malicious payload into the editor. The vulnerability is mitigated in version 3.8.7, which con...

6.1CVSS6AI score0.00584EPSS
CVE
CVE
added 2024/05/03 12:0 a.m.65 views

CVE-2024-34449

CVE-2024-34449 affects Vditor 3.10.3, with XSS via an attribute of an A element. The underlying issue is insufficient sanitization; vendor guidance is to mitigate by enabling sanitize=true. CVSS 3.1 base score 6.1 (Network attack, low complexity, no privilege, user interaction required, scope cha...

6.1CVSS5.7AI score0.00359EPSS
CVE
CVE
added 2024/07/05 12:0 a.m.49 views

CVE-2024-39150

vditor, version 3.9.8 and earlier, is vulnerable to an Arbitrary file read via a crafted data packet. The issue is confirmed across multiple sources (NVD/Red Hat/CVE ecosystem). Affected component: vditor (frontend/Markdown editor). Root cause details are not explicitly provided in the extracted ...

5.9CVSS6.9AI score0.00322EPSS