This is a migrated thread and some comments may be shown as answers.

NIST CVE-2018-14037

2 Answers 72 Views
Editor
This is a migrated thread and some comments may be shown as answers.
Wendel
Top achievements
Rank 1
Wendel asked on 09 May 2019, 10:15 PM

Is there a work-around for the NIST Vulnerability identified in the Kendo Editor Widget?

 

 

2 Answers, 1 is accepted

Sort by
0
Ianko
Telerik team
answered on 13 May 2019, 06:20 AM
Hello Wendel,

That report is regarding 2018.1.221 version. And since that version there are fixes that target XSS vulnerability. I suggest you to re-test the Kendo Editor and check out the specific case. 

Also, everything about XSS prevention in Kendo Editor is documented here:  https://docs.telerik.com/kendo-ui/controls/editors/editor/preventing-xss. When it comes to supporting a more advanced XSS prevention there are the custom serialization and deserialization options: https://docs.telerik.com/kendo-ui/controls/editors/editor/preventing-xss#serialization-and-deserialization

If you have any further questions on the topic please provide a specific scenario that you have. The exact HTML that is being used in Editor that leads to the vulnerability. 

Regards,
Ianko
Progress Telerik
Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
0
Wendel
Top achievements
Rank 1
answered on 17 May 2019, 02:24 PM
Thank you for the response.  I will review those links.
Tags
Editor
Asked by
Wendel
Top achievements
Rank 1
Answers by
Ianko
Telerik team
Wendel
Top achievements
Rank 1
Share this question
or