Vulnerability Information
Vulnerability Title
editor.js contains Code Injection
Vulnerability Description
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into the wrapper's innerHTML. This issue is patched in version 2.26.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Improper Control of Generation of Code (Code Injection)
Vulnerability Title
Editor.js Cross-Site Scripting Vulnerability
Vulnerability Description
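Editor.js is a block-style editor with clean JSON output, open-sourced by CodeX. Versions of Editor.js prior to 2.26.0 contain a cross-site scripting vulnerability. The vulnerability stems from susceptibility to code injection via pasted input: the processHTML method passes the pasted input into the wrapper's innerHTML.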
CVSS Information
N/A
Vulnerability Type
N/A