
We found results for “”
WS-2022-0175
Good to know:

Date: August 19, 2025
GrapesJs up to 0.19.4 vulnerable to Cross Site Scripting (XSS). Due to insufficient class name validation in GrapeJS library it's possible to add executable JS code in class name through Selector Manager. Version 0.19.5 contains a patch for this issue.
Language: JS
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | SINGLE |
Confidentiality (C): | COMPLETE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |