aikido.dev Secure My Code

Intel/AIKIDO-2026-10669

AIKIDO-2026-10669

suneditor is vulnerable to Improper Input Validation

Improper Input Validation Pre-CVE Published Apr 30, 2026

62

Medium Risk

This Affects:

0.0.1 - 2.47.9

Fixed in 2.47.10

Are you affected? Scan for Free

TL;DR

Affected versions of this package are vulnerable to a sanitizer/filter bypass in SunEditor that can lead to stored or reflected cross-site scripting (XSS), allowing untrusted editor content to execute arbitrary JavaScript in the rendered output. An attacker could exploit this by crafting a malicious payload that survives sanitization and is later viewed by another user, potentially enabling session theft, unauthorized actions, or delivery of further client-side attacks.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

suneditor is vulnerable to Improper Input Validation in versions 0.0.1 - 2.47.9.

How to fix this

Upgrade the suneditor library to the legacy patch version.

62

Medium Risk

This Affects:

0.0.1 - 2.47.9

Fixed in 2.47.10

Are you affected? Scan for Free

Links

github.com/JiHong88/suneditor/releases/tag/2.47.10

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Free. No credit card required.

Aikido Platform

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Subscribe

Stay up to date with all updates

LinkedIn YouTube X

© 2026 Aikido Security BV | BE0792914919

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2

ISO 27001

ISO 27001Compliant

Get Security Done