Description
Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.
Remediation
References
https://github.com/strapi/strapi/pull/8440
https://github.com/strapi/strapi/releases/tag/v3.2.5
Related Vulnerabilities
CVE-2018-14720 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2021-4278 Vulnerability in npm package tree-kit
CVE-2021-23631 Vulnerability in npm package convert-svg-core
CVE-2023-45133 Vulnerability in maven package org.webjars.npm:babel-traverse
CVE-2016-1000344 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on