Vditor allows Cross-site Scripting via an attribute of an `A` element · CVE-2024-34449 · GitHub Advisory Database · GitHub

Vditor allows Cross-site Scripting via an attribute of an `A` element

Moderate severity GitHub Reviewed Published May 3, 2024 to the GitHub Advisory Database • Updated May 3, 2024

Package

vditor (npm)

Affected versions

= 3.10.3

Patched versions

None

Description

Vditor 3.10.3 allows XSS via an attribute of an A element.

NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.

References

Published by the National Vulnerability Database

May 3, 2024

Published to the GitHub Advisory Database May 3, 2024

Reviewed May 3, 2024

Last updated May 3, 2024