npm package

vditor

pkg:npm/vditor

Vulnerabilities (5)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-34449	—	—	—	May 3, 2024	Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
CVE-2021-32855	—	< 3.8.7	3.8.7	Feb 20, 2023	Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this
CVE-2022-0350	—	< 3.8.13	3.8.13	Mar 31, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
CVE-2022-0341	—	< 3.8.11	3.8.11	Mar 14, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.
CVE-2021-4103	—	< 3.8.11	3.8.11	Jan 23, 2022	Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.

CVE-2024-34449May 3, 2024
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
CVE-2021-32855Feb 20, 2023
affected < 3.8.7fixed 3.8.7
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this
CVE-2022-0350Mar 31, 2022
affected < 3.8.13fixed 3.8.13
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
CVE-2022-0341Mar 14, 2022
affected < 3.8.11fixed 3.8.11
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.
CVE-2021-4103Jan 23, 2022
affected < 3.8.11fixed 3.8.11
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.