Open Rays-l opened 1 year ago
CVE ID: CVE-2023-42399
PRODUCT: JoditEditor < v.4.0.0-beta.86
DETAILS: Jodit Editor v.4.0.0 beta.86 has an XSS vulnerability where the rich text editor does not completely filter out malicious XSS attack statements. Using payload: can trigger</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/JoeBeeContrast"><img src="https://avatars.githubusercontent.com/u/93915313?v=4" />JoeBeeContrast</a> commented <strong> 1 year ago</strong> </div> <div class="markdown-body"> <p>Hi</p> <p>Which versions are vulnerable? the cve says only v.4.0.0-beta.86 is vulnerable but this issue says all but v.4.0.0-beta.86 are vulnerable</p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/kemotx90"><img src="https://avatars.githubusercontent.com/u/60275739?v=4" />kemotx90</a> commented <strong> 11 months ago</strong> </div> <div class="markdown-body"> <p>you can managing HTML tag approved by editor content read more from official doc <a href="https://xdsoft.net/jodit/docs/modules/plugins_clean_html.html">https://xdsoft.net/jodit/docs/modules/plugins_clean_html.html</a></p> </div> </div> <div class="comment"> <div class="user"> <a rel="noreferrer nofollow" target="_blank" href="https://github.com/detatsatrio"><img src="https://avatars.githubusercontent.com/u/8544828?v=4" />detatsatrio</a> commented <strong> 1 week ago</strong> </div> <div class="markdown-body"> <p>Any updates guys?</p> </div> </div> <div class="page-bar-simple"> </div> <div class="footer"> <ul class="body"> <li>© <script> document.write(new Date().getFullYear()) </script> Githubissues.</li> <li>Githubissues is a development platform for aggregating issues.</li> </ul> </div> <script src="https://cdn.jsdelivr.net/npm/jquery@3.5.1/dist/jquery.min.js"></script> <script src="/githubissues/assets/js.js"></script> <script src="/githubissues/assets/markdown.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js"></script> <script src="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/go.min.js"></script> <script> hljs.highlightAll(); </script> </body> </html>
CVE ID: CVE-2023-42399
PRODUCT: JoditEditor < v.4.0.0-beta.86
DETAILS: Jodit Editor v.4.0.0 beta.86 has an XSS vulnerability where the rich text editor does not completely filter out malicious XSS attack statements. Using payload: