CVE-2021-31712

Published: 2021-04-24T21:15Z

Last Modified: 2024-11-21T06:06Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt