Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) sceditor is a lightweight WYSIWYG BBCode and XHTML editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `sceditor.create` process. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious configuration options such as `emoticons` or `charset`. How to fix Cross-site Scripting (XSS)? Upgrade `sceditor` to version 3.2.1 or higher.	<3.2.1
H Cross-site Scripting (XSS) sceditor is a lightweight WYSIWYG BBCode and XHTML editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in`/src/lib/defaultCommands.js`, when using `editor.wysiwygEditorInsertHtml` to insert image, URL or email, the inputs are not sanitized, enabling XSS. How to fix Cross-site Scripting (XSS)? Upgrade `sceditor` to version 3.0.0 or higher.	<3.0.0

Cross-site Scripting (XSS)

sceditor is a lightweight WYSIWYG BBCode and XHTML editor.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the sceditor.create process. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious configuration options such as emoticons or charset.

How to fix Cross-site Scripting (XSS)?

Upgrade sceditor to version 3.2.1 or higher.

<3.2.1

Cross-site Scripting (XSS)

sceditor is a lightweight WYSIWYG BBCode and XHTML editor.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in/src/lib/defaultCommands.js, when using editor.wysiwygEditorInsertHtml to insert image, URL or email, the inputs are not sanitized, enabling XSS.

How to fix Cross-site Scripting (XSS)?

Upgrade sceditor to version 3.0.0 or higher.

<3.0.0

Go back to all versions of this package