Description
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.
Remediation
References
https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/