{"id":"GHSA-589f-c66p-hxr4","summary":"grapesjs before 0.19.5 vulnerable to Cross-site Scripting","details":"The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to an improper sanitization of the class name in Selector Manager.","aliases":["CVE-2022-21802"],"modified":"2023-11-08T04:08:10.634255Z","published":"2022-07-26T00:01:08Z","database_specific":{"severity":"MODERATE","github_reviewed":true,"nvd_published_at":"2022-07-25T14:15:00Z","cwe_ids":["CWE-79"],"github_reviewed_at":"2022-08-06T09:34:28Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21802"},{"type":"WEB","url":"https://github.com/artf/grapesjs/issues/4411%23issuecomment-1167202709"},{"type":"WEB","url":"https://github.com/artf/grapesjs/commit/13e85d152d486b968265c4b8017e8901e7d89ff3"},{"type":"PACKAGE","url":"https://github.com/artf/grapesjs"},{"type":"WEB","url":"https://github.com/artf/grapesjs/releases/tag/v0.19.5"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2936781"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-JS-GRAPESJS-2935960"}],"affected":[{"package":{"name":"grapesjs","ecosystem":"npm","purl":"pkg:npm/grapesjs"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-589f-c66p-hxr4/GHSA-589f-c66p-hxr4.json","last_known_affected_version_range":"\u003c 0.19.5"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}