CVE-2024-34449: Vditor allows Cross-site Scripting via an attribute of an `A` element
Vditor 3.10.3 allows XSS via an attribute of an `A` element.

NOTE: the vendor indicates that a user is supposed to mitigate this via `sanitize=true`.
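One way to enforce that mitigation in application code, as an added example that is not from the advisory or the Vditor project. It assumes the flag sits at `preview.markdown.sanitize` in the options object passed to the editor; `enforceSanitize` and the sample configuration are hypothetical.

```javascript
// Added example: force Vditor's sanitize option on before the options object
// is handed to the editor constructor. Plain JavaScript, no Vditor import needed.
// Assumption: the flag lives at options.preview.markdown.sanitize.
function enforceSanitize(options = {}) {
  const findings = [];
  const preview = options.preview ?? {};
  const markdown = preview.markdown ?? {};

  // Anything other than boolean true (false, 0, "false", null) is treated as
  // an attempt to run without the sanitizer and is reported.
  if ("sanitize" in markdown && markdown.sanitize !== true) {
    findings.push(
      `preview.markdown.sanitize was ${JSON.stringify(markdown.sanitize)}; forced to true`
    );
  }

  // Copy instead of mutating, so the caller's object is left as it was and
  // every other option is carried through unchanged.
  const hardened = {
    ...options,
    preview: { ...preview, markdown: { ...markdown, sanitize: true } },
  };
  return { hardened, findings };
}

// Constructed sample: a configuration in which sanitizing was switched off.
const sample = {
  mode: "sv",
  preview: { markdown: { sanitize: false, toc: true } },
};
const { hardened, findings } = enforceSanitize(sample);
console.log(findings);
console.log(hardened.preview.markdown);
```

Pass `hardened` to the editor instead of the original options, and log or fail the build on any entry in `findings`.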