PT-2020-21363 · Progress · @Progress/Kendo-Angular-Editor

Published: 2020-08-11 · Updated: 2020-08-11

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

@progress/kendo-angular-editor versions prior to 1.2.3

Description

The issue allows for Cross-Site Scripting when the Editor content contains potentially malicious scripts in element event handlers, which get executed. For example, adding the content <img src="" onerror=alert(document.domain)> to the Editor value demonstrates the problem.

Recommendations

For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider sanitizing the Editor content to prevent the execution of malicious scripts.
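
One way to apply the temporary workaround is to filter the HTML before it is assigned to the Editor value. The following is an added example, not code from Progress or from this advisory; the function name `sanitizeEditorHtml` and the tag and attribute allowlists are assumptions. It rebuilds the markup from an allowlist rather than stripping known-bad parts, so event-handler attributes such as `onerror` are never copied into the output.

```javascript
// Added example (not Progress/Kendo code). Allowlists and names are assumptions.
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'u', 'em', 'strong', 'ul', 'ol', 'li', 'a', 'img']);
const ALLOWED_ATTRS = { a: ['href', 'title'], img: ['src', 'alt'] };
const URL_ATTRS = new Set(['href', 'src']);
// URL values must begin with an allowlisted scheme or be site-relative.
const SAFE_URL = /^(?:https?:\/\/|mailto:|\/|#)/i;

const ESCAPES = { '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// "&" is left alone so entities already present in the markup are not double-escaped.
const escapeText = (s) => s.replace(/[<>"']/g, (c) => ESCAPES[c]);

// A well-formed tag: optional "/", element name, then attribute text up to ">".
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
// name=value with a double-quoted, single-quoted or unquoted value.
const ATTR_RE = /([a-zA-Z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Re-emit a tag using only allowlisted names and attributes.
function rebuildTag(closing, name, attrText) {
  const tag = name.toLowerCase();
  if (!ALLOWED_TAGS.has(tag)) return '';   // unknown element: the tag itself is dropped
  if (closing) return `</${tag}>`;
  let out = `<${tag}`;
  for (const m of attrText.matchAll(ATTR_RE)) {
    const attr = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? '';
    // Not on the allowlist: onerror, onclick, style and the like are skipped.
    if (!(ALLOWED_ATTRS[tag] || []).includes(attr)) continue;
    // javascript:, data: and empty URL values are skipped.
    if (URL_ATTRS.has(attr) && !SAFE_URL.test(value)) continue;
    out += ` ${attr}="${escapeText(value)}"`;
  }
  return out + '>';
}

// Everything that is not a recognised tag is emitted as escaped text.
function sanitizeEditorHtml(html) {
  let out = '';
  let last = 0;
  for (const m of html.matchAll(TAG_RE)) {
    out += escapeText(html.slice(last, m.index)) + rebuildTag(m[1], m[2], m[3]);
    last = m.index + m[0].length;
  }
  return out + escapeText(html.slice(last));
}
```

In an Angular application this role is normally filled by a maintained sanitizer, for example Angular's `DomSanitizer.sanitize(SecurityContext.HTML, value)`, applied before the value is bound to the Editor.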

XSS

Weakness Enumeration

Related Identifiers

GHSA-J7WP-VJJ6-CP5M

Affected Products

@Progress/Kendo-Angular-Editor