Stored Cross-site Scripting (XSS) in excalidraw's web embed component
A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted.
Advisories for Npm/@Excalidraw/Excalidraw package
2024
2023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Versions of the package @excalidraw/excalidraw from 0.0.0 is vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.