Description
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.
Remediation
References
https://github.com/gleez/cms/issues/796
https://github.com/TylerGarlick/angular-redactor/issues/77
Related Vulnerabilities
CVE-2023-35165 Vulnerability in npm package aws-cdk-lib
CVE-2020-28502 Vulnerability in npm package xmlhttprequest-ssl
CVE-2021-21290 Vulnerability in maven package io.netty:netty-common
CVE-2023-40989 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-common
CVE-2023-49380 Vulnerability in maven package com.jfinal:jfinal