Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Remediation

References

https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/

Related Vulnerabilities

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-jms-processors

CVE-2021-3757 Vulnerability in npm package immer

CVE-2022-1295 Vulnerability in npm package fullpage.js

CVE-2022-22965 Vulnerability in maven package org.springframework.boot:spring-boot-starter-webflux

CVE-2021-21341 Vulnerability in maven package com.thoughtworks.xstream:xstream

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory NVD-CWE-noinfo