Jodit Editor vulnerable to cross-site scripting

Severity:: Medium

Description

Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.

Recommendation

No fix is available yet. Followings are affected versions:

= 4.0.0-beta.86

References

GHSA-95xr-cq6h-vwr3
CVE-2023-42399
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

editor.md vulnerable to Cross-site Scripting - CVE-2023-29641
Jodit Editor vulnerable to Cross-site Scripting - jodit - CVE-2022-23461
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter - CVE-2020-19698
layui vulnerable to cross-site scripting - CVE-2023-3691

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; jodit

Anything's wrong? Let us know Last updated on November 04, 2023