admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 10:41:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-23474.md

18 lines
843 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-23474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23474)
![](https://img.shields.io/static/v1?label=Product&message=editor.js&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%202.26.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen)
### Description
Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrappers innerHTML. This issue is patched in version 2.26.0.
### POC
#### Reference
- https://securitylab.github.com/advisories/GHSL-2022-028_codex-team_editor_js/
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink