Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for vditor by b3log
CVE-2024-39150 (GCVE-0-2024-39150)
Vulnerability from nvd – Published: 2024-07-05 00:00 – Updated: 2024-11-13 17:17
VLAI?
Summary
vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.
Severity ?
5.9 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T14:24:18.284268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:17:13.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://b3log.org/vditor/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:03:42.329Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://b3log.org/vditor/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39150",
"datePublished": "2024-07-05T00:00:00.000Z",
"dateReserved": "2024-06-21T00:00:00.000Z",
"dateUpdated": "2024-11-13T17:17:13.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34449 (GCVE-0-2024-34449)
Vulnerability from nvd – Published: 2024-05-03 00:00 – Updated: 2024-08-02 02:51 Disputed
VLAI?
Summary
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T16:04:28.069836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:40.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Vanessa219/vditor/issues/1604"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Vanessa219/vditor/blob/b3a14d6e4462b0c17141e1fcc66173264ada64e0/README_en_US.md?plain=1#L310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T15:54:42.612Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Vanessa219/vditor/issues/1604"
},
{
"url": "https://github.com/Vanessa219/vditor/blob/b3a14d6e4462b0c17141e1fcc66173264ada64e0/README_en_US.md?plain=1#L310"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34449",
"datePublished": "2024-05-03T00:00:00.000Z",
"dateReserved": "2024-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-02T02:51:11.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32855 (GCVE-0-2021-32855)
Vulnerability from nvd – Published: 2023-02-20 00:00 – Updated: 2025-03-10 21:08
VLAI?
Title
vditor vulnerable to Cross-site Scripting
Summary
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2021-1006-vditor/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Vanessa219/vditor/issues/1085"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32855",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:00:23.830100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:08:46.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vditor",
"vendor": "npm",
"versions": [
{
"lessThan": "3.8.7",
"status": "affected",
"version": "3.8.7",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-20T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2021-1006-vditor/"
},
{
"url": "https://github.com/Vanessa219/vditor/issues/1085"
},
{
"url": "https://github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146"
}
],
"source": {
"advisory": "GHSL-2021-1006",
"defect": [
"GHSL-2021-1006"
],
"discovery": "UNKNOWN"
},
"title": "vditor vulnerable to Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32855",
"datePublished": "2023-02-20T00:00:00.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2025-03-10T21:08:46.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0350 (GCVE-0-2022-0350)
Vulnerability from nvd – Published: 2022-03-31 15:15 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vanessa219 | vanessa219/vditor |
Affected:
unspecified , < 3.8.13
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanessa219/vditor",
"vendor": "vanessa219",
"versions": [
{
"lessThan": "3.8.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T15:15:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476"
}
],
"source": {
"advisory": "8202aa06-4b49-45ff-aa0f-00982f62005c",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0350",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanessa219/vditor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.8.13"
}
]
}
}
]
},
"vendor_name": "vanessa219"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c"
},
{
"name": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476",
"refsource": "MISC",
"url": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476"
}
]
},
"source": {
"advisory": "8202aa06-4b49-45ff-aa0f-00982f62005c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0350",
"datePublished": "2022-03-31T15:15:14.000Z",
"dateReserved": "2022-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0341 (GCVE-0-2022-0341)
Vulnerability from nvd – Published: 2022-03-14 04:10 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.
Severity ?
6.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vanessa219 | vanessa219/vditor |
Affected:
unspecified , < 3.8.12
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanessa219/vditor",
"vendor": "vanessa219",
"versions": [
{
"lessThan": "3.8.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T04:10:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5"
}
],
"source": {
"advisory": "fa546b57-bc15-4705-824e-9474b616f628",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0341",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanessa219/vditor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.8.12"
}
]
}
}
]
},
"vendor_name": "vanessa219"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628"
},
{
"name": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5",
"refsource": "MISC",
"url": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5"
}
]
},
"source": {
"advisory": "fa546b57-bc15-4705-824e-9474b616f628",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0341",
"datePublished": "2022-03-14T04:10:09.000Z",
"dateReserved": "2022-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4103 (GCVE-0-2021-4103)
Vulnerability from nvd – Published: 2022-01-23 01:45 – Updated: 2024-08-03 17:16
VLAI?
Title
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
Severity ?
6.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vanessa219 | vanessa219/vditor |
Affected:
unspecified , < 1.0.34
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanessa219/vditor",
"vendor": "vanessa219",
"versions": [
{
"lessThan": "1.0.34",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-23T01:45:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d"
}
],
"source": {
"advisory": "67b980af-7357-4879-9448-a926c6474225",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4103",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanessa219/vditor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.34"
}
]
}
}
]
},
"vendor_name": "vanessa219"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225"
},
{
"name": "https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d",
"refsource": "MISC",
"url": "https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d"
}
]
},
"source": {
"advisory": "67b980af-7357-4879-9448-a926c6474225",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4103",
"datePublished": "2022-01-23T01:45:11.000Z",
"dateReserved": "2021-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:04.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39150 (GCVE-0-2024-39150)
Vulnerability from cvelistv5 – Published: 2024-07-05 00:00 – Updated: 2024-11-13 17:17
VLAI?
Summary
vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.
Severity ?
5.9 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T14:24:18.284268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:17:13.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://b3log.org/vditor/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:03:42.329Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://b3log.org/vditor/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39150",
"datePublished": "2024-07-05T00:00:00.000Z",
"dateReserved": "2024-06-21T00:00:00.000Z",
"dateUpdated": "2024-11-13T17:17:13.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-34449 (GCVE-0-2024-34449)
Vulnerability from cvelistv5 – Published: 2024-05-03 00:00 – Updated: 2024-08-02 02:51 Disputed
VLAI?
Summary
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34449",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-09T16:04:28.069836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:41:40.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Vanessa219/vditor/issues/1604"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Vanessa219/vditor/blob/b3a14d6e4462b0c17141e1fcc66173264ada64e0/README_en_US.md?plain=1#L310"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T15:54:42.612Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Vanessa219/vditor/issues/1604"
},
{
"url": "https://github.com/Vanessa219/vditor/blob/b3a14d6e4462b0c17141e1fcc66173264ada64e0/README_en_US.md?plain=1#L310"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34449",
"datePublished": "2024-05-03T00:00:00.000Z",
"dateReserved": "2024-05-03T00:00:00.000Z",
"dateUpdated": "2024-08-02T02:51:11.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32855 (GCVE-0-2021-32855)
Vulnerability from cvelistv5 – Published: 2023-02-20 00:00 – Updated: 2025-03-10 21:08
VLAI?
Title
vditor vulnerable to Cross-site Scripting
Summary
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:56.029Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://securitylab.github.com/advisories/GHSL-2021-1006-vditor/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Vanessa219/vditor/issues/1085"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-32855",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T21:00:23.830100Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:08:46.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vditor",
"vendor": "npm",
"versions": [
{
"lessThan": "3.8.7",
"status": "affected",
"version": "3.8.7",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-20T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://securitylab.github.com/advisories/GHSL-2021-1006-vditor/"
},
{
"url": "https://github.com/Vanessa219/vditor/issues/1085"
},
{
"url": "https://github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146"
}
],
"source": {
"advisory": "GHSL-2021-1006",
"defect": [
"GHSL-2021-1006"
],
"discovery": "UNKNOWN"
},
"title": "vditor vulnerable to Cross-site Scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32855",
"datePublished": "2023-02-20T00:00:00.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2025-03-10T21:08:46.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0350 (GCVE-0-2022-0350)
Vulnerability from cvelistv5 – Published: 2022-03-31 15:15 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vanessa219 | vanessa219/vditor |
Affected:
unspecified , < 3.8.13
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.226Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanessa219/vditor",
"vendor": "vanessa219",
"versions": [
{
"lessThan": "3.8.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T15:15:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476"
}
],
"source": {
"advisory": "8202aa06-4b49-45ff-aa0f-00982f62005c",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0350",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanessa219/vditor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.8.13"
}
]
}
}
]
},
"vendor_name": "vanessa219"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/8202aa06-4b49-45ff-aa0f-00982f62005c"
},
{
"name": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476",
"refsource": "MISC",
"url": "https://github.com/vanessa219/vditor/commit/e912e36ea98251d700499b1ac7702708d3398476"
}
]
},
"source": {
"advisory": "8202aa06-4b49-45ff-aa0f-00982f62005c",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0350",
"datePublished": "2022-03-31T15:15:14.000Z",
"dateReserved": "2022-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0341 (GCVE-0-2022-0341)
Vulnerability from cvelistv5 – Published: 2022-03-14 04:10 – Updated: 2024-08-02 23:25
VLAI?
Title
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.
Severity ?
6.6 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vanessa219 | vanessa219/vditor |
Affected:
unspecified , < 3.8.12
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanessa219/vditor",
"vendor": "vanessa219",
"versions": [
{
"lessThan": "3.8.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-14T04:10:09.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5"
}
],
"source": {
"advisory": "fa546b57-bc15-4705-824e-9474b616f628",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0341",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanessa219/vditor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.8.12"
}
]
}
}
]
},
"vendor_name": "vanessa219"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/fa546b57-bc15-4705-824e-9474b616f628"
},
{
"name": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5",
"refsource": "MISC",
"url": "https://github.com/vanessa219/vditor/commit/219f8a9e272aba3cbc0096a82cac776532dbb9e5"
}
]
},
"source": {
"advisory": "fa546b57-bc15-4705-824e-9474b616f628",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0341",
"datePublished": "2022-03-14T04:10:09.000Z",
"dateReserved": "2022-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4103 (GCVE-0-2021-4103)
Vulnerability from cvelistv5 – Published: 2022-01-23 01:45 – Updated: 2024-08-03 17:16
VLAI?
Title
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
Severity ?
6.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vanessa219 | vanessa219/vditor |
Affected:
unspecified , < 1.0.34
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vanessa219/vditor",
"vendor": "vanessa219",
"versions": [
{
"lessThan": "1.0.34",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-23T01:45:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d"
}
],
"source": {
"advisory": "67b980af-7357-4879-9448-a926c6474225",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2021-4103",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in vanessa219/vditor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vanessa219/vditor",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.0.34"
}
]
}
}
]
},
"vendor_name": "vanessa219"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/67b980af-7357-4879-9448-a926c6474225"
},
{
"name": "https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d",
"refsource": "MISC",
"url": "https://github.com/vanessa219/vditor/commit/8d4d0889dd72b2f839e93a49db3da3a370416c7d"
}
]
},
"source": {
"advisory": "67b980af-7357-4879-9448-a926c6474225",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2021-4103",
"datePublished": "2022-01-23T01:45:11.000Z",
"dateReserved": "2021-12-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:16:04.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}