react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-24T20:56:59

Updated: 2024-08-03T23:03:33.794Z

Reserved: 2021-04-23T00:00:00

Link: CVE-2021-31712

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-04-24T21:15:07.490

Modified: 2024-11-21T06:06:08.890

Link: CVE-2021-31712

cve-icon Redhat

No data.