ByteOS Network

NVD Vulnerability Details :

CVE-2025-64501

Awaiting Analysis

Source-security-advisories@github.com

Published At-10 Nov, 2025 | 22:15

Updated At-12 Nov, 2025 | 16:19

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the `prosemirror_to_html` gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Applications that use `prosemirror_to_html` to convert ProseMirror documents to HTML, user-generated ProseMirror content, and end users viewing the rendered HTML output are all at risk of attack. This issue is fixed in version 0.2.1.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 7.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	security-advisories@github.com

CWE ID: CWE-79

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/etaminstudio/prosemirror_to_html/commit/4d59f94f550bcabeec30d298791bbdd883298ad8	security-advisories@github.com	N/A
https://github.com/etaminstudio/prosemirror_to_html/security/advisories/GHSA-52c5-vh7f-26fx	security-advisories@github.com	N/A

Hyperlink: https://github.com/etaminstudio/prosemirror_to_html/commit/4d59f94f550bcabeec30d298791bbdd883298ad8

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/etaminstudio/prosemirror_to_html/security/advisories/GHSA-52c5-vh7f-26fx

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History