Moderate severityNVD Advisory· Published Oct 1, 2020· Updated Sep 17, 2024

CVE-2019-20903

Description

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
@atlaskit/editor-corenpm	>= 0	—

Affected products

ghsa-coords
pkg:npm/%40atlaskit/editor-core
Range: >= 0
Atlassian/editor-corecpe-rescue
Range: unspecified

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-p5ch-w78f-xh44ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-20903ghsaADVISORY
atlaskit.atlassian.com/packages/editor/editor-core/changelog/113.1.5ghsax_refsource_MISCWEB
bitbucket.org/atlassian/atlaskit-mk-2/commits/ca88f616e4ghsaWEB
confluence.atlassian.com/pages/viewpage.actionghsax_refsource_MISCWEB
www.npmjs.com/package/%40atlaskit/editor-coremitrex_refsource_MISC
www.npmjs.com/package/@atlaskit/editor-coreghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000