AIKIDO-2024-10341
@syncfusion/ej2-documenteditor is vulnerable to Cross-site Scripting (XSS)
24
Low
@syncfusion/ej2-documenteditor js
AIKIDO-2024-10341: @syncfusion/ej2-documenteditor is vulnerable to Cross-site Scripting (XSS) in versions 26.2.4 - 27.1.52.
Cross-site Scripting (XSS)
Vuln in 26.2.4 - 27.1.52
Fixed in 27.1.53
No CVE available
TL;DR
Affected versions of the package are vulnerable to Cross-site Scripting (XSS). In the comment section of the document editor, user input is possibly not sanitized.
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade @syncfusion/ej2-documenteditor library to patch version.
Background info
Are you
to these issues?
Connect your GitHub, GitLab, Bitbucket or Azure DevOps account to start scanning your repos for free.
Start For FreeYour data won't be shared · Read-only access
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US