Vanessa219/vditor

Vanessa219/vditor

Releases86

Frequency4 weeks 2 hours

Last Release 9 months ago

Stars11K

♏ 一款浏览器端的 Markdown 编辑器，支持所见即所得（富文本）、即时渲染（类似 Typora）和分屏预览模式。An In-browser Markdown editor, support WYSIWYG (Rich Text), Instant Rendering (Typora-like) and Split View modes.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-34449 ↗	May 3, 2024Friday, 3 May 2024, 16:15	6.1 MEDIUM	—
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true.
CVE-2021-32855 ↗	Feb 21, 2023Tuesday, 21 February 2023, 15:15	6.1 MEDIUM	—
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.
CVE-2022-0350 ↗	Mar 31, 2022Thursday, 31 March 2022, 16:15	5.4 MEDIUM	3.5 LOW
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
CVE-2022-0341 ↗	Mar 14, 2022Monday, 14 March 2022, 04:15	5.4 MEDIUM	3.5 LOW
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12.
CVE-2021-4103 ↗	Jan 23, 2022Sunday, 23 January 2022, 02:15	5.4 MEDIUM	3.5 LOW
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.