Cross-Site Scripting Vulnerability in React Draft Wysiwyg by JPuri
CVE-2021-31712

5.4MEDIUM

What is CVE-2021-31712?

A vulnerability in React Draft Wysiwyg before version 1.14.6 allows an attacker to exploit a JavaScript URI within a link target when a draft is shared among users. This can lead to execution of arbitrary JavaScript code in the context of the user’s session, posing significant risks for data integrity and security.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.