CVE-2022-23458

Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nhn:toast_ui_grid:*:*:*:*:*:*:*:*

History

24 Sep 2022, 02:32

Type Values Removed Values Added
CPE cpe:2.3:a:nhn:toast_ui_grid:*:*:*:*:*:*:*:*
References (CONFIRM) https://securitylab.github.com/advisories/GHSL-2022-029_nhn_tui_grid/ - (CONFIRM) https://securitylab.github.com/advisories/GHSL-2022-029_nhn_tui_grid/ - Exploit, Third Party Advisory
References (MISC) https://github.com/nhn/tui.grid/commit/e9db5968675ae113c07efc091cce210f2b26854f - (MISC) https://github.com/nhn/tui.grid/commit/e9db5968675ae113c07efc091cce210f2b26854f - Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
First Time Nhn
Nhn toast Ui Grid

22 Sep 2022, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-22 22:15

Updated : 2022-09-24 02:32


NVD link : CVE-2022-23458

Mitre link : CVE-2022-23458


JSON object : View

Products Affected

nhn

  • toast_ui_grid
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')