Vulnerability Details CVE-2021-32855
Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.1%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146
- https://github.com/Vanessa219/vditor/issues/1085
- https://securitylab.github.com/advisories/GHSL-2021-1006-vditor/
- https://github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146
- https://github.com/Vanessa219/vditor/issues/1085
- https://securitylab.github.com/advisories/GHSL-2021-1006-vditor/
Products affected by CVE-2021-32855
-
cpe:2.3:a:b3log:vditor:-
-
cpe:2.3:a:b3log:vditor:0.2.0
-
cpe:2.3:a:b3log:vditor:1.0.0
-
cpe:2.3:a:b3log:vditor:1.1.11
-
cpe:2.3:a:b3log:vditor:1.10.10
-
cpe:2.3:a:b3log:vditor:1.10.11
-
cpe:2.3:a:b3log:vditor:1.2.10
-
cpe:2.3:a:b3log:vditor:1.3.5
-
cpe:2.3:a:b3log:vditor:1.4.7
-
cpe:2.3:a:b3log:vditor:1.5.12
-
cpe:2.3:a:b3log:vditor:1.6.12
-
cpe:2.3:a:b3log:vditor:1.7.25
-
cpe:2.3:a:b3log:vditor:1.8.16
-
cpe:2.3:a:b3log:vditor:1.9.7
-
cpe:2.3:a:b3log:vditor:2.0.15
-
cpe:2.3:a:b3log:vditor:2.1.15
-
cpe:2.3:a:b3log:vditor:2.2.19
-
cpe:2.3:a:b3log:vditor:3.0.12
-
cpe:2.3:a:b3log:vditor:3.1.23
-
cpe:2.3:a:b3log:vditor:3.2.12
-
cpe:2.3:a:b3log:vditor:3.3.10
-
cpe:2.3:a:b3log:vditor:3.3.11
-
cpe:2.3:a:b3log:vditor:3.3.12
-
cpe:2.3:a:b3log:vditor:3.3.4
-
cpe:2.3:a:b3log:vditor:3.3.5
-
cpe:2.3:a:b3log:vditor:3.3.6
-
cpe:2.3:a:b3log:vditor:3.3.8
-
cpe:2.3:a:b3log:vditor:3.3.9
-
cpe:2.3:a:b3log:vditor:3.4.0
-
cpe:2.3:a:b3log:vditor:3.4.1
-
cpe:2.3:a:b3log:vditor:3.4.2
-
cpe:2.3:a:b3log:vditor:3.4.3
-
cpe:2.3:a:b3log:vditor:3.4.4
-
cpe:2.3:a:b3log:vditor:3.4.5
-
cpe:2.3:a:b3log:vditor:3.4.6
-
cpe:2.3:a:b3log:vditor:3.4.7
-
cpe:2.3:a:b3log:vditor:3.5.2
-
cpe:2.3:a:b3log:vditor:3.5.3
-
cpe:2.3:a:b3log:vditor:3.5.4
-
cpe:2.3:a:b3log:vditor:3.5.5
-
cpe:2.3:a:b3log:vditor:3.6.0
-
cpe:2.3:a:b3log:vditor:3.6.1
-
cpe:2.3:a:b3log:vditor:3.6.3
-
cpe:2.3:a:b3log:vditor:3.6.6
-
cpe:2.3:a:b3log:vditor:3.7.0
-
cpe:2.3:a:b3log:vditor:3.7.1
-
cpe:2.3:a:b3log:vditor:3.7.2
-
cpe:2.3:a:b3log:vditor:3.7.3
-
cpe:2.3:a:b3log:vditor:3.7.4
-
cpe:2.3:a:b3log:vditor:3.7.5
-
cpe:2.3:a:b3log:vditor:3.7.6
-
cpe:2.3:a:b3log:vditor:3.8.0
-
cpe:2.3:a:b3log:vditor:3.8.1
-
cpe:2.3:a:b3log:vditor:3.8.2
-
cpe:2.3:a:b3log:vditor:3.8.3
-
cpe:2.3:a:b3log:vditor:3.8.4
-
cpe:2.3:a:b3log:vditor:3.8.5