@progress/kendo-angular-editor before version 1.2.3 is vulnerable to Cross-Site Scripting. When the Editor content contains potentially malicious scripts in element event handlers, they get executed.
Adding the following content to the Editor value demonstrates the issue:
<img src="" onerror=alert(document.domain)>.
Upgrade to version 1.2.3 or later.
publishedAdvisory PublishedAug 11th, 2020
reportedReported by Vaibhav MalwadeAug 11th, 2020