PT-2022-16003 · Unknown · Jodit Editor

Bananabr

Published

2022-09-24

Updated

2022-09-27

CVE-2022-23461

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Jodit Editor (affected versions not specified)

Description Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. It is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-23461

GHSA-42HX-VRXX-5R6V

Affected Products

Jodit Editor

PT-2022-16003 · Unknown · Jodit Editor

CVE-2022-23461

Weakness Enumeration

Related Identifiers

Affected Products

References · 8