diagram-js-direct-editing@0.12.0 vulnerabilities
Direct editing support for diagram-js
-
latest version
3.0.1
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
23 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the diagram-js-direct-editing package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
diagram-js-direct-editing is a direct editing box for diagram-js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Pasting HTML text anywhere that allows text input in the modeler evaluates the HTML as is. It can be exploited by adding a new element on the canvas and editing the name to contain html. For example, How to fix Cross-site Scripting (XSS)? Upgrade |
<1.4.3
|