CVE-2022-23461

Опубликовано: 24 сент. 2022

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Ссылки

https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/
Exploit
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xdsoft:jodit_editor:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.20.4 (включая)

EPSS

Процентиль: 32%

0.00121

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-42hx-vrxx-5r6v

CVSS3: 6.1

github

больше 3 лет назад

Jodit Editor vulnerable to Cross-site Scripting

EPSS

Процентиль: 32%

0.00121

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79