{"id":"CVE-2022-23461","summary":"Cross-Site Scripting (XSS) in Jodit Editor","details":"Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workarounds.","aliases":["GHSA-42hx-vrxx-5r6v"],"modified":"2026-04-11T12:38:40.402239Z","published":"2022-09-24T03:05:08Z","database_specific":{"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"3.20.4"}]}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23461.json","cwe_ids":["CWE-79"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23461.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23461"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2022-030_xdan_jodit/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xdan/jodit","events":[{"introduced":"0"},{"last_affected":"e6ff50559380e9a36ccd96ec2d2a6201c61bc4d4"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:xdsoft:jodit_editor:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"3.0.0"},{"last_affected":"3.20.4"}]}}],"versions":["%npm_package_version%","3.0.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.18","3.0.19","3.0.20","3.0.21","3.0.22","3.0.23","3.0.24","3.0.26","3.0.27","3.0.28","3.0.29","3.0.3","3.0.30","3.0.31","3.0.32","3.0.33","3.0.34","3.0.35","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.1.10","3.1.11","3.1.12","3.1.13","3.1.15","3.1.16","3.1.17","3.1.18","3.1.19","3.1.20","3.1.21","3.1.22","3.1.23","3.1.24","3.1.25","3.1.26","3.1.27","3.1.28","3.1.29","3.1.30","3.1.31","3.1.32","3.1.33","3.1.34","3.1.35","3.1.36","3.1.37","3.1.38","3.1.39","3.1.4","3.1.40","3.1.41","3.1.42","3.1.43","3.1.44","3.1.45","3.1.46","3.1.47","3.1.48","3.1.49","3.1.5","3.1.50","3.1.51","3.1.52","3.1.53","3.1.54","3.1.55","3.1.56","3.1.57","3.1.58","3.1.59","3.1.6","3.1.60","3.1.61","3.1.62","3.1.63","3.1.64","3.1.65","3.1.66","3.1.67","3.1.68","3.1.69","3.1.7","3.1.70","3.1.71","3.1.72","3.1.73","3.1.74","3.1.75","3.1.76","3.1.77","3.1.78","3.1.79","3.1.8","3.1.80","3.1.81","3.1.82","3.1.83","3.1.84","3.1.85","3.1.86","3.1.87","3.1.88","3.1.89","3.1.9","3.1.90","3.1.91","3.1.92","3.1.93","3.1.94","3.1.95","3.1.96","3.10.1","3.10.2","3.11.1","3.11.2","3.11.3","3.11.4","3.12.2","3.12.3","3.12.4","3.12.5","3.13.1","3.13.2","3.13.3","3.13.4","3.13.5","3.13.6","3.14.1","3.14.2","3.14.3","3.15.1","3.15.2","3.15.3","3.16.1","3.16.2","3.16.3","3.16.4","3.16.5","3.16.6","3.17.1","3.18.2","3.18.3","3.18.4","3.18.5","3.18.6","3.18.7","3.18.8","3.18.9","3.19.1","3.19.2","3.19.3","3.19.4","3.19.5","3.2.1","3.2.10","3.2.13","3.2.14","3.2.15","3.2.16","3.2.17","3.2.19","3.2.2","3.2.21","3.2.22","3.2.24","3.2.25","3.2.26","3.2.27","3.2.28","3.2.29","3.2.3","3.2.31","3.2.32","3.2.33","3.2.34","3.2.36","3.2.37","3.2.38","3.2.4","3.2.40","3.2.42","3.2.43","3.2.44","3.2.45","3.2.46","3.2.47","3.2.48","3.2.49","3.2.5","3.2.50","3.2.51","3.2.53","3.2.54","3.2.55","3.2.56","3.2.57","3.2.58","3.2.59","3.2.6","3.2.60","3.2.61","3.2.62","3.2.64","3.2.65","3.2.7","3.2.8","3.2.9","3.20.1","3.20.2","3.20.3","3.20.4","3.3.1","3.3.10","3.3.12","3.3.13","3.3.14","3.3.15","3.3.16","3.3.17","3.3.18","3.3.19","3.3.2","3.3.20","3.3.21","3.3.22","3.3.23","3.3.24","3.3.8","3.4.1","3.4.10","3.4.11","3.4.12","3.4.14","3.4.15","3.4.16","3.4.17","3.4.18","3.4.19","3.4.2","3.4.20","3.4.21","3.4.22","3.4.23","3.4.24","3.4.25","3.4.26","3.4.27","3.4.28","3.4.29","3.4.3","3.4.4","3.4.5","3.4.6","3.4.8","3.4.9","3.5.1","3.5.2","3.5.3","3.5.4","3.6.1","3.6.11","3.6.12","3.6.13","3.6.14","3.6.15","3.6.16","3.6.17","3.6.18","3.6.2","3.6.3","3.6.4","3.6.5","3.6.6","3.6.7","3.6.8","3.6.9","3.7.1","3.7.2","3.8.1","3.8.2","3.8.3","3.8.4","3.8.5","3.8.6","3.8.7","3.8.8","3.9.2","3.9.3","3.9.4","3.9.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23461.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}