Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Remediation

References

https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/

Related Vulnerabilities

CVE-2020-27428 Vulnerability in npm package scratch-svg-renderer

CVE-2022-43409 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-support

CVE-2023-47325 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2023-0044 Vulnerability in maven package io.quarkus:quarkus-vertx-http

CVE-2020-13929 Vulnerability in maven package org.apache.zeppelin:zeppelin

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory NVD-CWE-noinfo