Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Remediation

References

https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/

Related Vulnerabilities

CVE-2019-14653 Vulnerability in maven package org.webjars.bower:editor.md

CVE-2021-32659 Vulnerability in npm package matrix-appservice-bridge

CVE-2020-28458 Vulnerability in npm package datatables.net

CVE-2020-28462 Vulnerability in npm package ion-parser

CVE-2019-17495 Vulnerability in maven package org.webjars.npm:swagger-ui

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory