Advisories for Npm/Kendo-Ui-Core package

2018

Cross-site Scripting

Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload is executed.