You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Cross-Site Scripting in simditor
Moderate severity
GitHub Reviewed
Published
May 14, 2019
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript.
Versions of
simditor
prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered withinnerHTML
, allowing attackers to execute arbitrary JavaScript.Recommendation
Upgrade to version 2.3.22 or later.
References