Lucene search

[email protected]NVD:CVE-2021-32855

HistoryFeb 21, 2023 - 3:15 p.m.

CVE-2021-32855

2023-02-2115:15:11

CWE-79

[email protected]

web.nvd.nist.gov

vditor

markdown editor

xss vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.9%

JSON

Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.

Affected configurations

Nvd

Node

b3logvditorRange<3.8.7

VendorProductVersionCPE
b3logvditor*cpe:2.3:a:b3log:vditor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
b3log	vditor	*	cpe:2.3:a:b3log:vditor::::::::

References

github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146

github.com/Vanessa219/vditor/issues/1085

securitylab.github.com/advisories/GHSL-2021-1006-vditor/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.9%

JSON

Related for NVD:CVE-2021-32855

veracode1 cve1 osv2 github1 prion1 cvelist1