MEDIUM 6.1

GHSA-95xr-cq6h-vwr3

Jodit Editor vulnerable to cross-site scripting

Details

Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / jodit

No fixed version published yet for jodit (npm). Pin to a known-safe version or switch to an alternative.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-42399 [ADVISORY]
https://github.com/xdan/jodit/issues/1017 [WEB]
https://github.com/xdan/jodit [PACKAGE]