CVE-2022-23461 MEDIUM

CVE-2022-23461: Cross-Site Scripting (XSS) in Jodit Editor

Vendor: Xdan
Product: Jodit Editor
Weakness: CWE-79 · XSS
Published: September 24, 2022
Last update: April 22, 2025

CVSS base score

5.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.

Key dates

02 Disclosure timeline

September 24, 2022: CVE published
April 22, 2025: Record updated