XSS PoC : `[xss](https://google.com/"//onmousemove="alert(document.domain))`

> I can insert an onerror. But I can't log in without a Chinese phone number, so I can't test.
1. Open the vanessa219/vditor
2. Enter the XSS PoC (Strangely, it doesn't insert at once, so I have to try inserting several times)
3. When the user hovers the mouse over the link, XSS is triggered via a mouse event.
Video : https://www.youtube.com/watch?v=pKQMbrezdCs
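How a double quote in a link destination can turn into an extra attribute, shown as an added example (not vditor's code and not part of the original report): a renderer that pastes the destination into `href="..."` unescaped is set beside one that allow-lists the scheme and escapes at output. The function names, the single-link parser and the scheme allow-list are assumptions made for this illustration.

```javascript
// Constructed sample: the Markdown link from the PoC above.
const POC = '[xss](https://google.com/"//onmousemove="alert(document.domain))';

// Demo-only parser for one inline link of the form [text](destination).
function parseLink(md) {
  const m = md.match(/^\[([^\]]*)\]\((.*)\)$/);
  if (!m) throw new TypeError("not a single inline link");
  return { text: m[1], url: m[2] };
}

// Vulnerable pattern: the destination is pasted into href="..." verbatim,
// so a double quote inside it ends the attribute value early.
function renderLinkUnsafe(md) {
  const { text, url } = parseLink(md);
  return `<a href="${url}">${text}</a>`;
}

// Encode characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: allow-list the scheme (assumed policy), then escape
// both the destination and the link text at the point of output.
function renderLinkSafe(md) {
  const { text, url } = parseLink(md);
  if (!/^(https?:|mailto:)/i.test(url)) return escapeHtml(text); // drop the link
  return `<a href="${escapeHtml(url)}">${escapeHtml(text)}</a>`;
}

// Approximation of what an HTML parser sees: the names of the
// double-quoted attributes on the opening tag.
function attributeNames(html) {
  const tag = html.slice(0, html.indexOf(">"));
  return [...tag.matchAll(/([^\s"'<>\/=]+)\s*=\s*"[^"]*"/g)].map((m) => m[1]);
}

console.log(attributeNames(renderLinkUnsafe(POC))); // event handler attribute appears
console.log(attributeNames(renderLinkSafe(POC)));   // only href remains
```

A server-side or client-side HTML sanitizer that strips `on*` attributes from rendered output is a useful second layer behind the escaping shown here.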
Reporting Timeline (0341)
2022-01-23 12h 24m : Reported this issue via huntr
2022-01-24 13h 06m : Issue validated by vanessa219
2022-01-24 13h 06m : Assigned CVE-2022-0341
2022-03-14 10h 56m : Issue patched by vanessa219