Vditor · Vditor · CVE-2024-34449
**Name of the Vulnerable Software and Affected Versions**
Vditor version 3.10.3
**Description**
The issue allows XSS via an attribute of an A element. The vendor indicates that a user is supposed to mitigate this via sanitize=true.
**Recommendations**
For Vditor version 3.10.3, to mitigate the issue, set sanitize=true.
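One way to enforce the recommendation in application code, as an added example that is not part of the advisory or of Vditor's own code: an audit and a hardening helper applied to the options object before it is handed to the editor. It assumes the flag is read from `preview.markdown.sanitize`, and the function names and sample configuration are hypothetical.

```javascript
// Added example: make sure sanitize=true before options reach Vditor.
// Assumption: the flag is read from options.preview.markdown.sanitize.

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Report whether the options, as written, explicitly turn sanitizing on.
// An unset flag is reported too, since the advisory asks for sanitize=true.
function auditSanitize(options) {
  const md = isPlainObject(options) && isPlainObject(options.preview)
    ? options.preview.markdown
    : undefined;
  if (!isPlainObject(md) || !("sanitize" in md)) {
    return { ok: false, reason: "sanitize not set explicitly" };
  }
  if (md.sanitize !== true) {
    return { ok: false, reason: "sanitize is " + JSON.stringify(md.sanitize) };
  }
  return { ok: true, reason: "sanitize=true" };
}

// Return a copy with sanitize forced to true; the input is not mutated and
// every other setting is preserved.
function withSanitize(options) {
  const src = isPlainObject(options) ? options : {};
  const preview = isPlainObject(src.preview) ? src.preview : {};
  const markdown = isPlainObject(preview.markdown) ? preview.markdown : {};
  return {
    ...src,
    preview: { ...preview, markdown: { ...markdown, sanitize: true } },
  };
}

// Constructed sample configuration (not taken from a real deployment).
const weak = { mode: "ir", preview: { markdown: { toc: true, sanitize: false } } };
const hardened = withSanitize(weak);

console.log(auditSanitize(weak));     // flagged: sanitize is false
console.log(auditSanitize(hardened)); // passes: sanitize=true
// In the browser: new Vditor("editor", hardened);
```

Running `auditSanitize` as a startup or CI check catches a configuration that has the flag switched off or left unset before untrusted Markdown is rendered.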