Stephan Brandauer

**Name of the Vulnerable Software and Affected Versions** Editor.js versions prior to 2.26.0 **Description** The issue concerns a code injection vulnerability via pasted input in Editor.js, a block-style editor. The `processHTML` method is vulnerable as it passes pasted input into the wrapper's `innerHTML`. This allows for potential code injection attacks. **Recommendations** For versions prior to 2.26.0, update to version 2.26.0 to resolve the issue. As a temporary workaround, consider disabling the `processHTML` method until the patch is applied. Restrict access to pasted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jodit Editor (affected versions not specified) **Description** Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. It is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Toast UI Grid versions prior to 4.21.3 **Description** The issue concerns cross-site scripting attacks that can occur when pasting specially crafted content into editable cells. This can be exploited by attackers to execute malicious scripts. **Recommendations** For versions prior to 4.21.3, update to version 4.21.3 to resolve the issue. At the moment, there are no known workarounds for this issue.