strapi-plugin-content-manager is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript in a user’s browser via the WYSIWYG editor’s preview feature.
CPE | Name | Operator | Version |
---|---|---|---|
strapi-plugin-content-manager | le | 3.2.4 |