Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tNWpmLThjcm0tcjY1bc4AA7ve

Vditor allows Cross-site Scripting via an attribute of an `A` element

Vditor 3.10.3 allows XSS via an attribute of an `A` element.

NOTE: the vendor indicates that a user is supposed to mitigate this via `sanitize=true`.

Permalink: https://github.com/advisories/GHSA-m5jf-8crm-r65m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNWpmLThjcm0tcjY1bc4AA7ve
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 15 days ago
Updated: 15 days ago


Identifiers: GHSA-m5jf-8crm-r65m, CVE-2024-34449
References: Repository: https://github.com/Vanessa219/vditor
Blast Radius: 0.0

Affected Packages

npm:vditor
Dependent packages: 65
Dependent repositories: 706
Downloads: 117,826 last month
Affected Version Ranges: = 3.10.3
No known fixed version
All affected versions: 3.10.3