Cross-Site Scripting (XSS) in Jodit Editor
CVE-2022-23461

5.4 MEDIUM

Key Information:

Vendor: Xdan

CVE Published: 24 September 2022

What is CVE-2022-23461?

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Affected Version(s)

Jodit Editor 3.20.4

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
