Description
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.
Remediation
References
https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/
Related Vulnerabilities
CVE-2020-26299 Vulnerability in npm package ftp-srv
CVE-2021-40660 Vulnerability in maven package org.javadelight:delight-nashorn-sandbox
CVE-2021-34435 Vulnerability in npm package @theia/mini-browser
CVE-2021-23421 Vulnerability in npm package merge-change
CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.11