The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.
References
Link | Resource |
---|---|
https://atlaskit.atlassian.com/packages/editor/editor-core/changelog/113.1.5 | Release Notes Vendor Advisory |
https://confluence.atlassian.com/pages/viewpage.action?pageId=1021244735 | Vendor Advisory |
https://www.npmjs.com/package/%40atlaskit/editor-core |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2020-09-30T00:00:00
Updated: 2020-10-01T01:30:19
Reserved: 2020-07-07T00:00:00
Link: CVE-2019-20903
JSON object: View
NVD Information
Status : Modified
Published: 2020-10-01T02:15:12.513
Modified: 2023-11-07T03:09:14.203
Link: CVE-2019-20903
JSON object: View
Redhat Information
No data.
CWE