MEDIUM 5.4

GHSA-9hfw-cvf4-5x25

wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

상세

There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / @wangeditor/editor

최초 영향 버전: 0 수정 버전: 4.7.12

수정 npm install @wangeditor/editor@4.7.12

참고

https://nvd.nist.gov/vuln/detail/CVE-2022-25037 [ADVISORY]
https://github.com/wangeditor-team/wangEditor/issues/3870 [WEB]
https://github.com/wangeditor-team/wangEditor/issues/3872 [WEB]
https://github.com/wangeditor-team/wangEditor/commit/6257a2e166346913c34ac5cfb31b6a46e9544c5a [WEB]
https://gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d [WEB]
https://github.com/wangeditor-team/wangEditor [PACKAGE]