vulnerability xss
severity 7.3
language javascript
registry npm

:book: Description

Mobiledoc Kit is a framework-agnostic library for building WYSIWYG editors supporting rich content via cards. This package is vulnerable to cross-site scripting (XSS).

:recycle: Steps To Reproduce:

  1. Download and run the latest release from Or use demo
  2. Add JS code in the editor. Payload used: `"><img src=x onerror=alert(137)>`

:telescope: POC

💥 Impact