3 matches found
@chumager/itdfw-site-base (>=2.4.0 <=2.4.5), @simpleview/sv-mosaic (>=28.0.0-staging-2b964a <=38.0.1-62799cabb) +4 more potentially affected by CVE-2022-23461 via jodit (>=3.10.2 <=3.23.3)
jodit NPM version =3.10.2, =2.4.0, =28.0.0-staging-2b964a, =1.0.15, =1.0.0, =1.5.1, =1.4.58, =1.6.90 Source cves: CVE-2022-23461 Source advisory: OSV:GHSA-42HX-VRXX-5R6V...
CVE-2022-23461 Cross-Site Scripting (XSS) in Jodit Editor
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds...
CVE-2022-23461
CVE-2022-23461 affects Jodit Editor, a TypeScript-based WYSIWYG editor. The vulnerability is an XSS flaw triggered by pasting specially constructed input, with current sources noting that the issue has not been fully patched and that there are no known workarounds. Public references (NVD/Red Hat ...