GMS-2020-373: Cross-Site Scripting in mavon-editor
(updated )
All versions of mavon-editor are vulnerable to Cross-Site Scripting. The package fails to sanitize entered input, allowing attackers to execute arbitrary JavaScript in a victim’s browser. No fix is currently available. Consider using an alternative package until a fix is made available.
References
- github.com/advisories/GHSA-jfcc-rm7f-xgf8
- github.com/hinesboy/mavonEditor/commit/5592ec3761bd3b5a12ba6f99ce3c4057c6e33f72
- github.com/hinesboy/mavonEditor/issues/472
- github.com/hinesboy/mavonEditor/pull/548
- snyk.io/vuln/SNYK-JS-MAVONEDITOR-459108
- www.npmjs.com/advisories/1169
- www.npmjs.com/package/mavon-editor
Code Behaviors & Features
Detect and mitigate GMS-2020-373 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →