PT-2018-11763 · Imperavi · Angular Redactor

Shellsniper · Published 2018-07-05 · Updated 2022-05-14 · CVE-2018-13339

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Angular Redactor version 1.1.6

Description: The issue allows for stored XSS attacks when HTML content mode is used in Imperavi Redactor 3. This can be demonstrated through the use of an onerror attribute of an IMG element.

Recommendations: For Angular Redactor version 1.1.6, update to a version that fixes this issue, as using the HTML content mode currently poses a risk of stored XSS attacks.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-13339
GHSA-88FH-8979-Q2RR

Affected Products

Angular Redactor