WYSIWYG Editor Vulnerability in Jodit by xdan
CVE-2026-58263
7.2 HIGH
What is CVE-2026-58263?
Jodit, a WYSIWYG editor, is susceptible to a cross-site scripting (XSS) vulnerability caused by improper sanitization of HTML content. Versions prior to 4.12.28 allow an attacker to embed malicious scripts using a MathML or carrier that bypasses the built-in clean-html sanitizer, so live event handlers survive into the editor's output. When that supposedly sanitized content is rendered in a user's browser, the injected script executes without any user interaction, compromising the user's security. The vulnerability is fixed in version 4.12.28.
Affected Version(s)
jodit < 4.12.28
