Description
A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor allows attackers to execute arbitrary web scripts or HTML.
Recommendation
Update the froala-editor package to the latest compatible version. Followings are version details:
- Affected version(s): <= 4.0.6
- Patched version(s): 4.0.11
References
Related Issues
- Cross-site Scripting in Froala Editor (GHSA-cq6w-w5rj-p9x8) - CVE-2021-30109
- Froala Editor Cross-site Scripting vulnerability - CVE-2023-41592
- DOM-based cross-site scripting in Froala Editor - CVE-2019-19935
- Froala WYSIWYG editor allows cross-site scripting (XSS) - CVE-2024-51434
- Tags:
- npm
- froala-editor
Anything's wrong? Let us know Last updated on February 13, 2023