{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T10:14:25.423","vulnerabilities":[{"cve":{"id":"CVE-2022-23474","sourceIdentifier":"security-advisories@github.com","published":"2022-12-15T19:15:16.613","lastModified":"2024-11-21T06:48:38.147","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into the wrapper’s innerHTML. This issue is patched in version 2.26.0."},{"lang":"es","value":"Editor.js es un editor de estilo de bloque con salida JSON limpia. Las versiones anteriores a la 2.26.0 son vulnerables a la inyección de código mediante entradas pegadas. El método processHTML pasa la entrada pegada al innerHTML del contenedor. Este problema se solucionó en la versión 2.26.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","t
ype":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:codex:editor.js:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.26.0","matchCriteriaId":"A3844DDC-D939-4350-A9B6-14EAAF8C53F0"}]}]}],"references":[{"url":"https://github.com/codex-team/editor.js/pull/2100","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://securitylab.github.com/advisories/GHSL-2022-028_codex-team_editor_js/","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/codex-team/editor.js/pull/2100","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://securitylab.github.com/advisories/GHSL-2022-028_codex-team_editor_js/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}}]}