Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-23461 Vulnerability in maven package org.webjars.npm:jodit

Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Remediation

References

https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/

Related Vulnerabilities

CVE-2021-34082 Vulnerability in npm package proctree

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-hive

CVE-2023-26102 Vulnerability in npm package rangy

CVE-2020-11021 Vulnerability in npm package @actions/http-client

CVE-2023-3691 Vulnerability in maven package org.webjars.bowergithub.layui:layui

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory NVD-CWE-noinfo