Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Remediation

References

https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/

Related Vulnerabilities

CVE-2022-24375 Vulnerability in npm package node-opcua

CVE-2021-43138 Vulnerability in npm package async

CVE-2023-37944 Vulnerability in maven package org.datadog.jenkins.plugins:datadog

CVE-2011-1772 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2019-14862 Vulnerability in maven package org.webjars.bowergithub.knockout:knockout

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory