CVE-2022-25979
MEDIUM
jsuites < 5.0.1 - Cross-Site Scripting via Editor Function
Title source: llm
Description
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function.
References (4)
Core References
Patch, Third Party Advisory
https://github.com/jsuites/jsuites/commit/b31770d5fe91684a00177f629aab933139c32d9f
Issue Tracking, Third Party Advisory
https://github.com/jsuites/jsuites/issues/134
Exploit, Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253331
Exploit, Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-JSUITES-3226764
Scores
CVSS v3
5.4
EPSS
0.0030
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
jsuites/jsuites
< 5.0.1
npm/jsuites
0 - 5.0.1 (npm)
Published
Jan 31, 2023
Tracked Since
Feb 18, 2026