The vulnerability manifests in the code view toggle functionality, where user-supplied HTML is rendered without adequate sanitization. Multiple sources confirm that the XSS payload executes when toggling views, which indicates that input processing in this component does not neutralize dangerous HTML elements and event handlers. The codeview.js module is logically responsible for handling this functionality in Summernote's architecture.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| summernote | npm | <= 0.8.20 | |
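
Since the flaw is unneutralized HTML reaching the editor's view toggle, an application can refuse risky markup before it stores that HTML or loads it into the editor. The following is an added example, not Summernote's code and not part of the advisory: a fail-closed allowlist check in which the function name, the tag and attribute allowlists, and the sample strings are all assumptions.

```javascript
// Added example: fail-closed allowlist validation for editor HTML.
// The allowlists below are assumptions; adjust them per application.
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'u', 'strong', 'em', 'ul', 'ol',
  'li', 'a', 'h1', 'h2', 'h3', 'blockquote', 'pre', 'code']);
const ALLOWED_ATTRS = new Map([['a', new Set(['href', 'title'])]]);
const SAFE_URL = /^(https?:\/\/|mailto:)[^\s"'<>]*$/i;

// Strict grammar: <tag attr="value" ...> or </tag>, double-quoted values only.
// Any other use of '<' (comments, unquoted attributes, broken tags) is rejected.
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[a-zA-Z-]+="[^"<>]*")*)\s*(\/?)>/y;
const ATTR = /\s+([a-zA-Z-]+)="([^"<>]*)"/g;

function validateEditorHtml(html) {
  const reasons = [];
  let i = 0;
  while (i < html.length) {
    const lt = html.indexOf('<', i);
    if (lt === -1) break;                       // only plain text remains
    TAG.lastIndex = lt;
    const m = TAG.exec(html);
    if (!m) { reasons.push(`unparseable markup at offset ${lt}`); break; }
    const [, closing, rawName, attrs] = m;
    const name = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) reasons.push(`tag <${name}> not allowed`);
    if (closing && attrs) reasons.push(`attributes on closing tag </${name}>`);
    const allowed = ALLOWED_ATTRS.get(name) || new Set();
    for (const [, rawAttr, value] of attrs.matchAll(ATTR)) {
      const attr = rawAttr.toLowerCase();
      if (attr.startsWith('on')) reasons.push(`event handler ${attr} on <${name}>`);
      else if (!allowed.has(attr)) reasons.push(`attribute ${attr} not allowed on <${name}>`);
      else if (attr === 'href' && !SAFE_URL.test(value)) reasons.push(`unsafe href on <${name}>`);
    }
    i = TAG.lastIndex;                          // continue after the accepted tag
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample inputs (not taken from the advisory).
const SAMPLES = [
  '<p>Hello <b>world</b></p>',
  '<p onclick="track()">Hello</p>',
  '<a href="javascript:void(0)">link</a>',
];
for (const s of SAMPLES) console.log(validateEditorHtml(s).ok, s);
```

The check rejects rather than repairs, so content that fails it should be refused or escaped as text, not passed on in modified form.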