CVE-2021-41086: Cross-site Scripting

September 21, 2021 (updated September 29, 2021)

jsuites is an open source collection of common required javascript web components. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying anything malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to innerHTML allowing for javascript injection and thus XSS.

References

nvd.nist.gov/vuln/detail/CVE-2021-41086

Detect and mitigate CVE-2021-41086 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →