Clipboard-based XSS in jsuites
Description
jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to innerHTML allowing for javascript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jsuitesnpm | < 4.9.11 | 4.9.11 |
Affected products
2Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-qh7x-j4v8-qw5wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41086ghsaADVISORY
- github.com/jsuites/jsuites/commit/d47a6f4e143188dde2742f4cffd313e1068ad3b3ghsax_refsource_MISCWEB
- github.com/jsuites/jsuites/commit/fe1d3cc5e339f2f4da8ed1f9f42271fdf9cbd8d2ghsax_refsource_MISCWEB
- github.com/jsuites/jsuites/security/advisories/GHSA-qh7x-j4v8-qw5wghsax_refsource_CONFIRMWEB
- www.npmjs.com/package/jsuitesghsaWEB
News mentions
0No linked articles in our index yet.