Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-0350: :arrow_up: · Vanessa219/vditor@e912e36

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.

CVE
Open in Source
#xss#vulnerability#js#git#auth

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

*   Explore
*   All features
*   Documentation
*   GitHub Skills
*   Blog

    • For

    • Enterprise

    • Teams

    • Startups

    • Education

    • By Solution

    • CI/CD & Automation

    • DevOps

    • DevSecOps

    • Case Studies

    • Customer Stories

    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

*   Repositories
*   Topics
*   Trending
*   Collections

  • Pricing

  • Notifications

  • Fork 643

  • Code

  • Issues 83

  • Pull requests 1

  • Security

  • Insights

Permalink

Showing 4 changed files with 7 additions and 6 deletions.

  • CHANGELOG.md
    • comment.js
  • package.json
    • lute.min.js

@@ -99,6 +99,7 @@

v3.8.13 / 2022-04

* [1206](https://github.com/Vanessa219/vditor/issues/1206) 评论语法解析和行级 HTML 解析冲突 `修复缺陷`

* [1054](https://github.com/Vanessa219/vditor/issues/1054) disabled 后应禁止粘贴 `修复缺陷`

* [1162](https://github.com/Vanessa219/vditor/issues/1162) XSS 安全漏洞 `修复缺陷`

* [1203](https://github.com/Vanessa219/vditor/issues/1203) 支持 solidity, yul 语法 `引入特性`

@@ -66,7 +66,7 @@ const renderComments = (ids) => {

cmtElement.innerHTML = `<div>

${text}<br>

<button>删除</button><br>

<input>

<input>

</div>`

cmtElement.value = text

document.getElementById(‘comments’).

@@ -127,7 +127,7 @@ window.vditor = new Vditor('vditor’, {

cmtElement.innerHTML = `<div>

${text}<br>

<button>删除</button><br>

<input>

<input>

</div>`

cmtElement.value = text

if (index === 0) {

@@ -1,6 +1,6 @@

{

"name": "vditor",

"version": "3.8.12",

"version": "3.8.13",

"description": "♏ 易于使用的 Markdown 编辑器,为适配不同的应用场景而生",

"author": "Vanessa [email protected] (http://vanessa.b3log.org)",

"homepage": "https://b3log.org/vditor",

Large diffs are not rendered by default.

0 comments on commit e912e36

Please sign in to comment.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE