Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Remediation

References

https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/

Related Vulnerabilities

CVE-2016-10735 Vulnerability in maven package ua.mobius.media:bootstrap

CVE-2023-26486 Vulnerability in maven package org.webjars.bowergithub.vega:vega

CVE-2020-12265 Vulnerability in maven package org.webjars:decompress

CVE-2021-23356 Vulnerability in npm package kill-process-by-name

CVE-2022-38900 Vulnerability in maven package org.webjars.npm:decode-uri-component

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory NVD-CWE-noinfo