
Clipboard-based XSS

Low
hodeware published GHSA-qh7x-j4v8-qw5w Sep 21, 2021

Package

jsuites.js (npm)

Affected versions

< 4.9.11

Patched versions

4.9.11

Description

Impact

XSS against the user.

Details

jsuites is vulnerable to DOM-based XSS if the user can be tricked into copying anything from a malicious page and pasting it into the HTML editor. This is because part of the clipboard content is written directly to innerHTML, causing XSS.
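
The pattern described above, next to a hardened paste handler. This is an added example, not jsuites code and not the project's actual fix; the function names and the stub event and editor objects are assumptions so that it runs in Node without a browser.

```javascript
// Added example, not jsuites source. Plain objects stand in for the paste
// event and the editor element (assumptions for illustration).
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);

// Pattern the advisory describes: clipboard markup reaches innerHTML unchanged.
function vulnerablePaste(event, editor) {
  event.preventDefault();
  editor.innerHTML += event.clipboardData.getData('text/html');
}

// Hardened handler: use only the text/plain flavour, and still escape it,
// because plain text can itself contain characters that parse as markup.
function safePaste(event, editor) {
  event.preventDefault();
  const text = event.clipboardData.getData('text/plain');
  editor.innerHTML += text.split(/\r?\n/).map(escapeHtml).join('<br>');
}

// Constructed clipboard contents: both flavours carry an element with an
// event-handler attribute.
function fakePasteEvent() {
  const flavours = {
    'text/html': '<b>hi</b><img src=x onerror=alert(1)>',
    'text/plain': 'hi <img src=x onerror=alert(1)>\nsecond line',
  };
  return {
    defaultPrevented: false,
    preventDefault() { this.defaultPrevented = true; },
    clipboardData: { getData: (type) => flavours[type] || '' },
  };
}

// Run both handlers against the same constructed clipboard.
function demo() {
  const weak = { innerHTML: '' };
  const hardened = { innerHTML: '' };
  vulnerablePaste(fakePasteEvent(), weak);
  safePaste(fakePasteEvent(), hardened);
  return { weak: weak.innerHTML, hardened: hardened.innerHTML };
}

console.log(demo());
```

In a browser, an editor that must keep rich formatting on paste would pass the `text/html` flavour through an allowlist-based HTML sanitizer before insertion instead of dropping it.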

References

The Curious Case of Copy & Paste – on risks of pasting arbitrary content in browsers: https://research.securitum.com/the-curious-case-of-copy-paste/

Severity

Low

CVE ID

CVE-2021-41086

Weaknesses

Credits