npm package
@excalidraw/excalidraw
pkg:npm/%40excalidraw/excalidraw
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-32472 | Med | 6.1 | | >= 0.16.0, < 0.16.4 | 0.16.4 | Apr 17, 2024 | excalidraw is an open source virtual hand-drawn style whiteboard. A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. There were two vectors. One rendering untrust |
| CVE-2023-26140 | — | | | < 0.15.3 | 0.15.3 | Aug 16, 2023 | Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization. |