GHSA-42hx-vrxx-5r6v

Source

https://github.com/advisories/GHSA-42hx-vrxx-5r6v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-42hx-vrxx-5r6v/GHSA-42hx-vrxx-5r6v.json

Aliases

CVE-2022-23461

Published

2022-09-25T00:00:15Z

Modified

2023-11-08T04:08:18.370003Z

Details

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-23461
https://github.com/xdan/jodit
https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit

Affected packages

npm / jodit

Package

Name: jodit

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Last affected

3.24.2