CVE-2022-23458

Toast UI Grid is a component that displays and edits data. Versions before 4.21.3 are vulnerable to cross-site scripting attacks when specially crafted content is pasted. This issue was fixed in 4.21.3.

When using a version 4.14.0 or earlier of this extension, a remote attacker may be able to inject arbitrary web script or HTML via a crafted URL. If a user views a maliciously crafted website, this issue could be used to compromise the user’s system. This issue was fixed in version 4.21.3. There are no known workarounds.

Timeline

Published on: 09/22/2022 22:15:00 UTC
Last modified on: 09/24/2022 02:32:00 UTC
