Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01ODlmLWM2NnAtaHhyNM4AAtpP

grapesjs before 0.19.5 vulnerable to Cross-site Scripting

The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the class name in Selector Manager.

Permalink: https://github.com/advisories/GHSA-589f-c66p-hxr4
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01ODlmLWM2NnAtaHhyNM4AAtpP
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago


CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-589f-c66p-hxr4, CVE-2022-21802
References: Repository: https://github.com/artf/grapesjs
Blast Radius: 15.6

Affected Packages

npm:grapesjs
Dependent packages: 180
Dependent repositories: 362
Downloads: 191,019 last month
Affected Version Ranges: < 0.19.5
No known fixed version
All affected versions: 0.0.5, 0.0.51, 0.1.1, 0.2.2, 0.2.5, 0.3.0, 0.3.1, 0.3.2, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.10, 0.3.12, 0.3.13, 0.3.14, 0.3.17, 0.3.18, 0.3.20, 0.3.21, 0.3.23, 0.3.24, 0.3.25, 0.3.27, 0.3.30, 0.3.32, 0.3.33, 0.3.34, 0.3.35, 0.3.40, 0.3.41, 0.3.71, 0.4.5, 0.4.15, 0.4.17, 0.4.23, 0.4.25, 0.4.30, 0.4.38, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.7, 0.5.23, 0.5.37, 0.5.40, 0.5.41, 0.7.6, 0.7.7, 0.8.4, 0.8.8, 0.8.16, 0.8.17, 0.8.19, 0.9.2, 0.9.5, 0.9.7, 0.9.8, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.15, 0.9.32, 0.10.2, 0.10.4, 0.10.6, 0.10.7, 0.10.8, 0.12.5, 0.12.6, 0.12.7, 0.12.8, 0.12.15, 0.12.17, 0.12.25, 0.12.30, 0.12.37, 0.12.45, 0.12.50, 0.12.52, 0.12.55, 0.12.58, 0.12.60, 0.13.5, 0.13.8, 0.14.5, 0.14.6, 0.14.9, 0.14.10, 0.14.15, 0.14.17, 0.14.20, 0.14.21, 0.14.23, 0.14.25, 0.14.27, 0.14.29, 0.14.33, 0.14.40, 0.14.43, 0.14.48, 0.14.49, 0.14.50, 0.14.52, 0.14.55, 0.14.57, 0.14.61, 0.14.62, 0.15.3, 0.15.5, 0.15.8, 0.15.9, 0.15.10, 0.16.2, 0.16.3, 0.16.12, 0.16.17, 0.16.18, 0.16.22, 0.16.27, 0.16.30, 0.16.34, 0.16.41, 0.16.43, 0.16.44, 0.16.45, 0.17.3, 0.17.4, 0.17.19, 0.17.22, 0.17.25, 0.17.26, 0.17.27, 0.17.28, 0.17.29, 0.18.1, 0.18.2, 0.18.3, 0.18.4, 0.19.4