CVE-2022-23458 Toast UI Grid is a component that displays and edits data. Versions before 4.21.3 are vulnerable to cross-site scripting attacks when pasted specially crafted content. This issue was fixed in 4.21.3.
When using a version 4.14.0 or earlier of this extension, a remote attacker may be able to inject arbitrary web script or HTML via a crafted URL. If a user views a maliciously crafted website, this issue could be used to compromise the user’s system. This issue was fixed in version 4.21.3. There are no known workarounds.
When using a version 4.14.0 or earlier of this extension, a remote attacker may be able to inject arbitrary web script or HTML via a crafted URL. If a user views a maliciously crafted website, this issue could be used to compromise the user’s system. This issue was fixed in version 4.21.3. There are no known workarounds.
When using a version 4.14.0 or earlier of this extension, a remote attacker may be able to inject arbitrary web script or HTML via a crafted URL. If a user views a maliciously crafted website, this issue could be used to compromise the user’s system. This issue was fixed in version 4.21.3. There are no known workarounds.
When using a version 4.14.0 or earlier of this extension, a remote attacker may be able to inject arbitrary web script or HTML via a crafted URL. If a user views a maliciously crafted website, this issue could be used to compromise the user’s system. This issue was fixed in version
Summary
When using a version 4.14.0 or earlier of this extension, a remote attacker may be able to inject arbitrary web script or HTML via a crafted URL. If a user views a maliciously crafted website, this issue could be used to compromise the user’s system. This issue was fixed in version 4.21.3. There are no known workarounds
Bypass-Only Mitigation
When using a version 4.14.0 or earlier of this extension, a remote attacker may be able to inject arbitrary web script or HTML via a crafted URL. If a user views a maliciously crafted website, this issue could be used to compromise the user’s system. This issue was fixed in version 4.21.3. There are no known workarounds.
When using a version 4.14.0 or earlier of this extension, a remote attacker may be able to inject arbitrary web script or HTML via a crafted URL. If a user views a maliciously crafted website, this issue could be used to compromise the user’s system. This issue was fixed in version 4.21.3. There are no known workarounds
Timeline
Published on: 09/22/2022 22:15:00 UTC
Last modified on: 09/24/2022 02:32:00 UTC