@toast-ui/editor@2.0.0-alpha vulnerabilities
GFM Markdown Wysiwyg Editor - Productive and Extensible
-
latest version
3.2.2
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
2 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @toast-ui/editor package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@toast-ui/editor is a GFM Markdown Wysiwyg Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Base tags are not sanitized which can be leveraged for XSS. How to fix Cross-site Scripting (XSS)? Upgrade |
<3.0.2
|
@toast-ui/editor is a GFM Markdown Wysiwyg Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). User input is not properly sanitized before being included in the HTML context, specifically the Steps to Reproduce
How to fix Cross-site Scripting (XSS)? Upgrade |
<3.0.2
|
@toast-ui/editor is a GFM Markdown Wysiwyg Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). JavaScript inserted into the editor is not sanitized by the library. PoC
How to fix Cross-site Scripting (XSS)? Upgrade |
<2.1.0
|