AIKIDO-2024-10341

@syncfusion/ej2-documenteditor is vulnerable to Cross-site Scripting (XSS)

Low

@syncfusion/ej2-documenteditor js

AIKIDO-2024-10341: @syncfusion/ej2-documenteditor is vulnerable to Cross-site Scripting (XSS) in versions 26.2.4 - 27.1.52.

Cross-site Scripting (XSS)

Vuln in 26.2.4 - 27.1.52

Fixed in 27.1.53

No CVE available

TL;DR

Affected versions of the package are vulnerable to Cross-site Scripting (XSS). In the comment section of the document editor, user input is possibly not sanitized.

Who does this affect?

You're affected if you are using a version which is within vulnerability ranges.

How can it be fixed?

Upgrade @syncfusion/ej2-documenteditor library to patch version.

Background info

Link to vendor website

🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium

🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US

AIKIDO-2024-10341

@syncfusion/ej2-documenteditor is vulnerable to Cross-site Scripting (XSS)

@syncfusion/ej2-documenteditor js

AIKIDO-2024-10341: @syncfusion/ej2-documenteditor is vulnerable to Cross-site Scripting (XSS) in versions 26.2.4 - 27.1.52.

Don’t be left in the dark