Description
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to cross-site scripting (XSS) when specially constructed input is pasted into the editor. This issue has not been fully patched. There are no known workarounds.
References
https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/