CVE-2022-23461 – jodit
Package
Manager: npm
Name: jodit
Vulnerable Version: >=0 <=3.24.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00324 (percentile: 0.54786)
Details
Jodit Editor vulnerable to Cross-site Scripting
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.
Metadata
Created: 2022-09-25T00:00:15Z
Modified: 2022-09-27T22:48:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-42hx-vrxx-5r6v/GHSA-42hx-vrxx-5r6v.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-42hx-vrxx-5r6v
Finding: F008
Auto approve: 1