GHSA-9hfw-cvf4-5x25

Suggest an improvement
Source
https://github.com/advisories/GHSA-9hfw-cvf4-5x25
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-9hfw-cvf4-5x25/GHSA-9hfw-cvf4-5x25.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9hfw-cvf4-5x25
Aliases
  • CVE-2022-25037
Published
2024-05-31T18:31:14Z
Modified
2024-06-04T00:38:12Z
Summary
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
Details

There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

References

Affected packages

npm / @wangeditor/editor

Package

Name
@wangeditor/editor
View open source insights on deps.dev
Purl
pkg:npm/%40wangeditor/editor

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.7.12

Database specific

{
    "last_known_affected_version_range": "<= 4.7.11"
}