EPSS: 0.001 (Low), percentile 43.5%
grapesjs is vulnerable to cross-site scripting (XSS). The class name is not sanitized in ClassTagView.ts when it is added to the selector manager, allowing an attacker to inject and execute malicious JavaScript.
github.com/advisories/GHSA-589f-c66p-hxr4
github.com/artf/grapesjs/commit/13e85d152d486b968265c4b8017e8901e7d89ff3
github.com/artf/grapesjs/issues/4411
github.com/artf/grapesjs/issues/4411#issuecomment-1167202709
github.com/artf/grapesjs/releases/tag/v0.19.5