CVE-2019-20903

九月 30, 2020 - 未分类

CVE-Search
CVE-2019-20903

CVE-2019-20903

Summary

The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.

References

https://atlaskit.atlassian.com/packages/editor/editor-core/changelog/113.1.5
https://confluence.atlassian.com/pages/viewpage.action?pageId=1021244735
https://www.npmjs.com/package/@atlaskit/editor-core

Vulnerable Configurations

CVSS

Base:	5.0
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

01-10-2020 – 02:15

Published

01-10-2020 – 02:15

Last modified

01-10-2020 – 02:15

Notice: Undefined variable: canUpdate in /var/www/html/wordpress/wp-content/plugins/wp-autopost-pro/wp-autopost-function.php on line 51

xxx

xxx站点

CVE-2019-20903