CVE-2025-3191

Sažetak

All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the <iframe> tag.

Reference

https://gist.github.com/th4s1s/175ae4b2632096059b42377dd6c49d47
https://security.snyk.io/vuln/SNYK-JS-REACTDRAFTWYSIWYG-8515884
https://gist.github.com/th4s1s/175ae4b2632096059b42377dd6c49d47

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

07-04-2025 - 14:18

Objavljeno

04-04-2025 - 05:15