Description
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
Remediation
References
https://github.com/rhysd/Shiba/issues/42
https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab
Related Vulnerabilities
CVE-2020-7769 Vulnerability in maven package org.webjars.npm:nodemailer
CVE-2023-26111 Vulnerability in npm package node-static
CVE-2022-41713 Vulnerability in maven package org.webjars.npm:deep-object-diff
CVE-2017-16008 Vulnerability in maven package org.webjars:i18next
CVE-2023-22457 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-plugins