vditor@3.8.12 vulnerabilities

♏ An easy-to-use Markdown editor, built to adapt to different application scenarios

Direct Vulnerabilities

Known vulnerabilities in the vditor package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

vditor is an easy-to-use Markdown editor, built to adapt to different application scenarios.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization.

How to fix Cross-site Scripting (XSS)?

Upgrade vditor to version 3.8.13 or higher.

Vulnerable versions: <3.8.13
  • M
Cross-site Scripting (XSS)

vditor is an easy-to-use Markdown editor, built to adapt to different application scenarios.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). When a user creates a link using the Markdown syntax, the server does not URL-encode the double quotes, so the user can escape the href attribute.

How to fix Cross-site Scripting (XSS)?

Upgrade vditor to version 3.8.13 or higher.

Vulnerable versions: <3.8.13