{"id":"CVE-2021-32855","details":"Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.","aliases":["GHSA-vfmp-9999-6wqj"],"modified":"2026-04-10T04:33:58.317401Z","published":"2023-02-21T15:15:11.267Z","references":[{"type":"REPORT","url":"https://github.com/Vanessa219/vditor/issues/1085"},{"type":"FIX","url":"https://github.com/Vanessa219/vditor/commit/1b2382d7f8a4ee509d9245db4450d926a0b24146"},{"type":"EVIDENCE","url":"https://securitylab.github.com/advisories/GHSL-2021-1006-vditor/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vanessa219/vditor","events":[{"introduced":"0"},{"fixed":"e48f4bc4299effb7e73000cd6db05600ca46aa21"},{"fixed":"1b2382d7f8a4ee509d9245db4450d926a0b24146"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.8.7"}]}}],"versions":["1.7.25","v0.2.0","v1.0.0","v1.1.11","v1.10.10","v1.10.11","v1.2.10","v1.3.5","v1.4.7","v1.5.12","v1.6.12","v1.8.16","v1.9.7","v2.0.15","v2.2.19","v3.0.12","v3.1.23","v3.2.12","v3.3.10","v3.3.11","v3.3.12","v3.3.4","v3.3.5","v3.3.6","v3.3.8","v3.3.9","v3.4.0","v3.4.1","v3.4.2","v3.4.3","v3.4.4","v3.4.5","v3.4.6","v3.4.7","v3.5.2","v3.5.3","v3.5.4","v3.5.5","v3.6.0","v3.6.1","v3.6.3","v3.6.6","v3.7.0","v3.7.1","v3.7.2","v3.7.3","v3.7.4","v3.7.5","v3.7.6","v3.8.0","v3.8.1","v3.8.2","v3.8.3","v3.8.4","v3.8.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32855.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}