Description
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035.
Remediation
References
https://github.com/TylerGarlick/angular-redactor/issues/77
https://github.com/gleez/cms/issues/796
Related Vulnerabilities
CVE-2017-16084 Vulnerability in npm package list-n-stream
CVE-2023-3691 Vulnerability in maven package org.webjars.bower:layui
CVE-2020-7779 Vulnerability in npm package djvalidator
CVE-2022-23510 Vulnerability in npm package @cubejs-backend/api-gateway
CVE-2023-39410 Vulnerability in maven package org.apache.avro:avro