CVE-2024-29504: Summernote vulnerable to cross-site scripting

April 11, 2024

Cross Site Scripting vulnerability in Summernote v.0.8.18 and before allows a remote attacker to execute arbtirary code via a crafted payload to the codeview parameter.

References

gist.github.com/phoenix118go/a9192281efcfa518daa709ab7638712b
github.com/advisories/GHSA-4wh3-3wf2-39m9
github.com/summernote/summernote
github.com/summernote/summernote/pull/3782
nvd.nist.gov/vuln/detail/CVE-2024-29504

Detect and mitigate CVE-2024-29504 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →