PT-2020-21246 — XSS in Nhn @Toast-Ui/Editor

PT-2020-21246 · Nhn · @Toast-Ui/Editor

Published

2020-09-03

Updated

2020-09-03

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions @toast-ui/editor versions prior to 2.2.0

Description The issue allows attackers to execute arbitrary JavaScript on a victim's browser due to multiple bypasses of the package's built-in XSS sanitization, which may lead to Cross-Site Scripting (XSS).

Recommendations Upgrade to version 2.2.0 or later.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

GHSA-CR56-66MX-293V

Affected Products

@Toast-Ui/Editor

PT-2020-21246 · Nhn · @Toast-Ui/Editor

Weakness Enumeration

Related Identifiers

Affected Products

References · 6