Search for packages
| purl | pkg:npm/vditor@1.1.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-a4ch-e314-wfc8
Aliases: CVE-2021-32855 GHSA-vfmp-9999-6wqj |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 is vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue. |
Affected by 2 other vulnerabilities. |
|
VCID-bvq3-s9r6-dkdv
Aliases: CVE-2022-0341 GHSA-pq37-4c4g-v38c |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.12. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-dnkm-ry7a-6kam
Aliases: CVE-2022-0350 GHSA-689x-x68p-fph3 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T03:30:24.056789+00:00 | GitLab Importer | Affected by | VCID-a4ch-e314-wfc8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vditor/CVE-2021-32855.yml | 38.6.0 |
| 2026-06-06T01:38:50.436221+00:00 | GitLab Importer | Affected by | VCID-dnkm-ry7a-6kam | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vditor/CVE-2022-0350.yml | 38.6.0 |
| 2026-06-06T01:35:19.172930+00:00 | GitLab Importer | Affected by | VCID-bvq3-s9r6-dkdv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vditor/CVE-2022-0341.yml | 38.6.0 |