CVE-2021-41086

Cross-site Scripting in npm/jsuites

Identifier

CVE-2021-41086

Package Slug

npm/jsuites

Vulnerability

Cross-site Scripting

Description

jsuites is an open source collection of commonly required JavaScript web components. jsuites is vulnerable to DOM-based XSS if the user can be tricked into copying malicious content and pasting it into the HTML editor. This is because part of the clipboard content is written directly to innerHTML, allowing JavaScript injection and thus XSS.

Affected Versions

All versions before 4.9.11

Solution

Upgrade to version 4.9.11 or above.

Last Modified

2021-10-01
