Cross-Site Scripting in @progress/kendo-angular-editor
Kendo UI for Angular Editor Component (npm package @progress/kendo-angular-editor) is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed. Adding the following content to the Editor value demonstrates the issue: <img src="" onerror=alert(document.domain)>.