PT-2022-28207 · Grapesjs · Grapesjs
Published
2022-07-15
·
Updated
2022-07-15
CVSS v3.1
6.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GrapeJS versions prior to 0.19.5
Description
The issue is due to insufficient class name validation in the GrapeJS library, allowing executable JS code to be added in the class name through the Selector Manager.
Recommendations
For versions prior to 0.19.5, update the GrapeJS dependency to 0.19.5 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Grapesjs