Vulnerability Database

319,703

Total vulnerabilities in the database

Cross-Site Scripting in @toast-ui/editor

Versions of @toast-ui/editor prior to 2.2.0 are vulnerable to Cross-Site Scripting (XSS). There are multiple bypasses to the package's built-in XSS sanitization. This may allow attackers to execute arbitrary JavaScript on a victim's browser.

Recommendation

Upgrade to version 2.2.0 or later.

Published: Sep 3, 2020
Updated: Apr 14, 2023
GHSA: GHSA-cr56-66mx-293v
Severity: High
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
@toast-ui / editor	-	2.2.0

https://github.com/nhn/tui.editor/commit/5f62f5eeda9e8f8bcf2075e8e0e10d22bf56d1a7
https://github.com/nhn/tui.editor/issues/733
https://github.com/nhn/tui.editor/pull/1010
https://www.npmjs.com/advisories/1521

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo