Description
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.
Remediation
References
https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/