
Jodit Editor vulnerable to Cross-site Scripting

Open avinashk2946 opened this issue 8 months ago • 1 comments

Jodit Version: 3.24.2

Browser: Chrome
OS: Windows
Is React App: True

Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-23461
https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/
https://github.com/advisories/GHSA-42hx-vrxx-5r6v

Code

<div onclick="(function(){ alert('Hey i am calling'); return false; })();return false;">fdfdfjdhfshdsj</div>

Output: [screenshot attached to the original issue]

avinashk2946 · May 31 '24 10:05
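A defensive illustration, added here and not part of the issue or of Jodit's own code: a small sanitizer that drops inline event handlers and javascript: URLs from HTML before it reaches an editor, run against the payload posted above. The hand-written tag and attribute scanner is an assumption made so the example runs under Node without a DOM; a production deployment would rely on a full DOM-based sanitizer instead.

```javascript
// Added example (not Jodit's code). Assumes attribute values do not
// contain a quoted '>'; a real deployment would use a DOM-based sanitizer.
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction', 'xlink:href']);

// Split one tag's attribute string into [name, value] pairs, honouring
// double-quoted, single-quoted and unquoted values.
function parseAttrs(s) {
  const re = /([^\s=\/>]+)(?:\s*=\s*("([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  const out = [];
  let m;
  while ((m = re.exec(s)) !== null) {
    const value = m[3] !== undefined ? m[3] : m[4] !== undefined ? m[4] : m[5];
    out.push([m[1], value]);
  }
  return out;
}

// An attribute is dropped when it is an on* event handler or a URL
// attribute whose scheme (after stripping whitespace/control chars) is
// javascript: or vbscript:.
function isDangerousAttr(name, value) {
  const n = name.toLowerCase();
  if (n.startsWith('on')) return true;
  if (URL_ATTRS.has(n) && value !== undefined) {
    const v = value.replace(/[\s\u0000-\u001f]/g, '').toLowerCase();
    return v.startsWith('javascript:') || v.startsWith('vbscript:');
  }
  return false;
}

// Rebuild every start tag keeping only its safe attributes; text nodes
// and closing tags pass through untouched.
function stripActiveContent(html) {
  return html.replace(/<([a-zA-Z][\w:-]*)([^>]*?)(\/?)>/g, (full, tag, attrs, selfClose) => {
    const kept = parseAttrs(attrs)
      .filter(([name, value]) => !isDangerousAttr(name, value))
      .map(([name, value]) =>
        value === undefined ? name : `${name}="${value.replace(/"/g, '&quot;')}"`);
    return `<${tag}${kept.length ? ' ' + kept.join(' ') : ''}${selfClose}>`;
  });
}

// Constructed input: the exact payload from the issue above.
const PASTED = '<div onclick="(function(){ alert(\'Hey i am calling\'); return false; })();return false;">fdfdfjdhfshdsj</div>';
console.log(stripActiveContent(PASTED)); // <div>fdfdfjdhfshdsj</div>
```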