Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Remediation

References

https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/

Related Vulnerabilities

CVE-2020-7729 Vulnerability in maven package org.webjars.npm:grunt

CVE-2022-25885 Vulnerability in npm package muhammara

CVE-2021-23344 Vulnerability in npm package total.js

CVE-2022-25881 Vulnerability in maven package org.webjars.npm:http-cache-semantics

CVE-2022-41965 Vulnerability in maven package org.opencastproject:opencast-engage-paella-player

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory NVD-CWE-noinfo