Jodit Editor vulnerable to Cross-site Scripting (GHSA-42hx-vrxx-5r6v)

Severity:: Medium

Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Recommendation

No fix is available yet. Followings are affected versions:

<= 3.24.2

References

GHSA-42hx-vrxx-5r6v
CVE-2022-23461
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Jodit Editor vulnerable to cross-site scripting - CVE-2023-42399
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details - CVE-2022-39350
Materialize-css vulnerable to Cross-site Scripting in tooltip component (GHSA-98f7-p5rc-jx67) - CVE-2019-11002
Materialize-css vulnerable to Cross-site Scripting in autocomplete component (GHSA-7752-f4gf-94gc) - CVE-2019-11003

Tags:: npm; jodit

Anything's wrong? Let us know Last updated on January 28, 2023