Vditor Cross-site Scripting vulnerability
Moderate severity
GitHub Reviewed
Published
Feb 21, 2023
to the GitHub Advisory Database
•
Updated Feb 22, 2023
Description
Published by the National Vulnerability Database
Feb 21, 2023
Published to the GitHub Advisory Database
Feb 21, 2023
Reviewed
Feb 22, 2023
Last updated
Feb 22, 2023
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.
References