{"id":"CVE-2022-25979","details":"Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.\r\r\r","aliases":["GHSA-r4hg-4cpq-q57c"],"modified":"2026-04-10T04:46:05.064965Z","published":"2023-01-31T05:15:11.927Z","references":[{"type":"REPORT","url":"https://github.com/jsuites/jsuites/issues/134"},{"type":"FIX","url":"https://github.com/jsuites/jsuites/commit/b31770d5fe91684a00177f629aab933139c32d9f"},{"type":"EVIDENCE","url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253331"},{"type":"EVIDENCE","url":"https://security.snyk.io/vuln/SNYK-JS-JSUITES-3226764"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jsuites/jsuites","events":[{"introduced":"0"},{"fixed":"b31770d5fe91684a00177f629aab933139c32d9f"}]},{"type":"GIT","repo":"https://github.com/jsuites/jsuites","events":[{"introduced":"0"},{"fixed":"b31770d5fe91684a00177f629aab933139c32d9f"}]}],"versions":["v3.1.0","v3.5.0","v3.7.0","v3.9.9","v4.17.5","v4.4.2","v4.9.11"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25979.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.0.1"}]},{"events":[{"introduced":"0"},{"fixed":"5.0.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}