CVE-2022-23461

MEDIUM6.1EPSS 0.11%

Jodit Editor vulnerable to Cross-site Scripting

Published: 9/25/2022Modified: 11/8/2023

Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Affected packages (1)

npm/joditfrom 0, <= 3.24.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-23461
ADVISORYhttps://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit
PATCHhttps://github.com/xdan/jodit