Jodit Editor vulnerable to Cross-site Scripting - jodit

Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 3.24.2

References

• GHSA-42hx-vrxx-5r6v
• CVE-2022-23461
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Jodit Editor vulnerable to cross-site scripting - CVE-2023-42399
• Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter - CVE-2020-19697
• materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input - CVE-2022-25349
• Joplin Desktop App vulnerable to Cross-site Scripting - CVE-2022-45598

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

jodit