@lexical/link is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because hrefs
anchor tags aren’t properly sanitized in the createDOM
function of index.ts
, allowing an attacker to inject and execute malicious JavaScript through the malicious URLs
CPE | Name | Operator | Version |
---|---|---|---|
@lexical/link | le | 0.9.2 | |
@lexical/link | le | 0.9.2 |