Cross-site Scripting in Froala Editor (GHSA-cq6w-w5rj-p9x8)

Severity:: Medium

Description

Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.

Recommendation

No fix is available yet. Followings are affected versions:

<= 3.2.6

References

GHSA-cq6w-w5rj-p9x8
froala.com
CVE-2021-30109
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Prebid-universal-creative latest on npm briefly compromised - CVE-2025-59039
Froala WYSIWYG editor allows cross-site scripting (XSS) - CVE-2024-51434
Froala Editor Cross-site Scripting vulnerability - CVE-2023-41592
Potential XSS vulnerability in jQuery (GHSA-gxr4-xjj5-5px2) - CVE-2020-11022

Tags:: npm; froala-editor

Anything's wrong? Let us know Last updated on February 01, 2023