Homepage

vditor@3.8.11 vulnerabilities

♏ 易于使用的 Markdown 编辑器,为适配不同的应用场景而生

  • latest version

    3.10.8

  • latest non vulnerable version

    3.10.8

  • first published

    5 years ago

  • latest version published

    13 days ago

  • licenses detected

  • View vditor package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the vditor package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    vditor is a ♏ 易于使用的 Markdown 编辑器,为适配不同的应用场景而生

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to an improper sanitization.

    How to fix Cross-site Scripting (XSS)?

    Upgrade vditor to version 3.8.13 or higher.

    <3.8.13
    • M
    Cross-site Scripting (XSS)

    vditor is a ♏ 易于使用的 Markdown 编辑器,为适配不同的应用场景而生

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when a user creates a link using the markdown syntax, the server does not URL-encode the double-quotes, so the user can escape the href attribute.

    How to fix Cross-site Scripting (XSS)?

    Upgrade vditor to version 3.8.13 or higher.

    <3.8.13
    Go back to all versions of this package