Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Remediation

References

https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/

Related Vulnerabilities

CVE-2020-13822 Vulnerability in maven package org.webjars.npm:elliptic

CVE-2020-26302 Vulnerability in maven package org.webjars.bowergithub.arasatasaygin:is.js

CVE-2018-6464 Vulnerability in maven package org.webjars.bower:simditor

CVE-2022-25851 Vulnerability in npm package jpeg-js

CVE-2022-36915 Vulnerability in maven package org.jenkins-ci.plugins:android-signing

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory NVD-CWE-noinfo