CVE-2022-21802: 
JavaScript vulnerability analysis and mitigation

CVE-2022-21802 is a Cross-site Scripting (XSS) vulnerability discovered in the grapesjs package versions before 0.19.5. The vulnerability was disclosed on June 27, 2022, and published on July 18, 2022. The issue affects the Selector Manager component of grapesjs, a web builder framework, due to improper sanitization of class names (NVD, Snyk).

The vulnerability is classified as a Cross-site Scripting (XSS) issue with a CVSS v3.1 base score of 6.1 (Medium) according to NVD, and 5.4 (Medium) according to Snyk. The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that it is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction (NVD, Snyk).

The vulnerability could allow attackers to execute malicious scripts in the context of the user's browser session. This could potentially lead to unauthorized access to sensitive information, session hijacking, or delivery of malware. The impact is characterized by low confidentiality and integrity losses, with no direct impact on system availability (Snyk).

The vulnerability has been fixed in grapesjs version 0.19.5. Users are advised to upgrade to version 0.19.5 or higher to address this security issue. The fix involves protecting Selector Manager views from XSS attacks (GitHub Release).