Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tNWpmLThjcm0tcjY1bc4AA7ve
Vditor allows Cross-site Scripting via an attribute of an `A` element
Vditor 3.10.3 allows XSS via an attribute of an A element.
NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNWpmLThjcm0tcjY1bc4AA7ve
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 7 months ago
Updated: 7 months ago
Identifiers: GHSA-m5jf-8crm-r65m, CVE-2024-34449
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-34449
- https://github.com/Vanessa219/vditor/issues/1604
- https://github.com/Vanessa219/vditor/blob/b3a14d6e4462b0c17141e1fcc66173264ada64e0/README_en_US.md?plain=1#L310
- https://github.com/advisories/GHSA-m5jf-8crm-r65m
Blast Radius: 0.0
Affected Packages
npm:vditor
Dependent packages: 65
Dependent repositories: 706
Downloads: 106,931 last month
Affected Version Ranges: = 3.10.3
No known fixed version
All affected versions: