all InfoSec news
Ran into a interesting False-Positive related to a third party WYSIWYG editor, need some feedback
July 22, 2023, 2:20 a.m. | /u/n0obno0b717
cybersecurity www.reddit.com
I’m a AppSec Engineer and our SCA scanner picked up a vulnerability for a javascript WYSIWG editor that was tagged as Disputed in the NVD. This finding was High severity.
I don’t have the specifics for CVE or package, but those details should not matter here.
Basically, the text editor allows a user to add their own HTML and does not restrict its usage. A security researcher reported that this allowed them to add JS and execute a …
appsec cve cybersecurity don editor engineer feedback hey high javascript nvd package party sca scanner severity third vulnerability
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Red Team Penetration Tester and Operator, Junior
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
Director, Security Operations & Risk Management
@ Live Nation Entertainment | Toronto, ON
IT and Security Specialist APAC (F/M/D)
@ Flowdesk | Singapore, Singapore, Singapore
Senior Security Controls Assessor
@ Capgemini | Washington, DC, District of Columbia, United States; McLean, Virginia, United States
GRC Systems Solution Architect
@ Deloitte | Midrand, South Africa
Cybersecurity Subject Matter Expert (SME)
@ SMS Data Products Group, Inc. | Fort Belvoir, VA, United States