GHSA-42hx-vrxx-5r6v

Suggest an improvement
Source
https://github.com/advisories/GHSA-42hx-vrxx-5r6v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-42hx-vrxx-5r6v/GHSA-42hx-vrxx-5r6v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-42hx-vrxx-5r6v
Aliases
Published
2022-09-25T00:00:15Z
Modified
2023-11-08T04:08:18.370003Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Jodit Editor vulnerable to Cross-site Scripting
Details

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Database specific 
{
    "nvd_published_at": "2022-09-24T03:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-27T22:48:53Z"
}
References

Affected packages

npm / jodit

Package

Name
jodit
View open source insights on deps.dev
Purl
pkg:npm/jodit

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
3.24.2