CVE-2022-23461

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/jodit

Identifiers

CVE-2022-23461

Package Slug

npm/jodit

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Affected Versions

All versions starting from 3.0.0 up to 3.20.4

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-09-29

source