MEDIUM 5.4

GHSA-9hfw-cvf4-5x25

wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

Details

There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / @wangeditor/editor

Introduced in: 0 Fixed in: 4.7.12

Fix npm install @wangeditor/editor@4.7.12

References

https://nvd.nist.gov/vuln/detail/CVE-2022-25037 [ADVISORY]
https://github.com/wangeditor-team/wangEditor/issues/3870 [WEB]
https://github.com/wangeditor-team/wangEditor/issues/3872 [WEB]
https://github.com/wangeditor-team/wangEditor/commit/6257a2e166346913c34ac5cfb31b6a46e9544c5a [WEB]
https://gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d [WEB]
https://github.com/wangeditor-team/wangEditor [PACKAGE]