We found results for “”
WS-2022-0175
Good to know:
Date: July 15, 2022
GrapesJs up to 0.19.4 vulnerable to Cross Site Scripting (XSS). Due to insufficient class name validation in GrapeJS library it's possible to add executable JS code in class name through Selector Manager. Version 0.19.5 contains a patch for this issue.
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Input Validation
CWE-20Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | LOW |
Availability (A): | NONE |