Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-12-15T02:08:07.054Z
Updated: 2024-08-03T03:43:46.063Z
Reserved: 2022-01-19T21:23:53.757Z
Link: CVE-2022-23474
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-12-15T19:15:16.613
Modified: 2022-12-20T01:56:18.700
Link: CVE-2022-23474
Redhat
No data.