Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
facebook lexical |