Froala WYSIWYG editor allows cross-site scripting (XSS)

Severity:: Medium

Description

Inconsistent

tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier.</plaintext></p><h2 id="recommendation">Recommendation</h2><p>No fix is available yet. Followings are affected versions:</p><ul><li><strong><= 4.3.0</strong></li></ul><h2 id="references">References</h2><ul><li><a href="https://github.com/advisories/GHSA-549p-5c7f-c5p4" target="_blank" rel="noopener noreferrer">GHSA-549p-5c7f-c5p4</a></li><li><a href="https://georgyg.com/home/froala-wysiwyg-editor---xss-cve-2024-51434" target="_blank" rel="noopener noreferrer">georgyg.com</a></li><li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51434" target="_blank" rel="noopener noreferrer">CVE-2024-51434</a></li><li><a href="https://cwe.mitre.org/data/definitions/79.html" target="_blank" rel="noopener noreferrer">CWE-79</a></li><li><a href="https://capec.mitre.org/data/definitions/C-310.html" target="_blank" rel="noopener noreferrer">CAPEC-310</a></li><li><a href="https://owasp.org/Top10/A03_2021-Injection/" target="_blank" rel="noopener noreferrer">OWASP 2021-A3</a></li><li><a href="https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/" target="_blank" rel="noopener noreferrer">OWASP 2021-A6</a></li></ul><h2>Related Issues</h2><ul><li><a href="/vulnerability-list/valid-ecdsa-signatures-erroneously-rejected-in-elliptic">Valid ECDSA signatures erroneously rejected in Elliptic - CVE-2024-48948</a></li><li><a href="/vulnerability-list/cors-anywhere-vulnerable-to-server-side-request-forgery">cors-anywhere vulnerable to server-side request forgery - CVE-2020-36851</a></li><li><a href="/vulnerability-list/debug-4-4-2-contains-malware-after-npm-account-takeover">debug@4.4.2 contains malware after npm account takeover - CVE-2025-59144</a></li><li><a href="/vulnerability-list/trix-vulnerable-to-cross-site-scripting-on-copy-paste">Trix vulnerable to Cross-site Scripting on copy & paste - CVE-2025-46812</a></li></ul><dl class="flex gap-2 lg:hidden items-center flex-wrap mt-8"><dt class="text-base font-semibold">Tags:</dt><dd><a href="/vulnerability-list/#q=&severity=&tags=npm" class="text-sm resetLink rounded-sm p-1 no-underline hover:bg-neutral-100">npm</a></dd><dd><a href="/vulnerability-list/#q=&severity=&tags=froala-editor" class="text-sm resetLink rounded-sm p-1 no-underline hover:bg-neutral-100">froala-editor</a></dd></dl><div class="flex justify-between flex-wrap gap-2 border-t border-neutral-300 py-5 text-sm text-neutral-500 mt-12"><span>Anything's wrong? <a class="resetLink underline hover:text-emerald-750" href="/contact">Let us know</a></span> <span>Last updated on March 14, 2025</span></div></article><aside class="hidden lg:block w-72 pl-8 border-l border-neutral-300"><h4 class="text-base font-semibold mb-4">Severity</h4><a href="/vulnerability-list/#q=&severity=Medium&tags=" class="block text-sm ml-4 mb-6 resetLink w-fit rounded-sm px-3 py-1 no-underline bg-orange-100 text-orange-800 hover:bg-orange">Medium</a><div class="mb-6"><h4 class="text-base font-semibold mb-4">Tags</h4><div class="flex flex-col text-sm gap-1 pl-2"><a href="/vulnerability-list/#q=&severity=&tags=npm" class="resetLink w-fit rounded-sm px-3 py-1 no-underline hover:bg-neutral-100">npm</a> <a href="/vulnerability-list/#q=&severity=&tags=froala-editor" class="resetLink w-fit rounded-sm px-3 py-1 no-underline hover:bg-neutral-100">froala-editor</a></div></div><div class="mb-6"><h4 class="text-base font-semibold mb-4">Classifications</h4><div class="flex flex-col text-sm gap-1 pl-2"><div class="px-3 py-1">OWASP 2021-A6</div><div class="px-3 py-1">OWASP 2021-A3</div><div class="px-3 py-1">OWASP 2017-A9</div><div class="px-3 py-1">OWASP 2017-A1</div><div class="px-3 py-1">OWASP 2013-A9</div><div class="px-3 py-1">OWASP 2013-A1</div><div class="px-3 py-1">OWASP 2010-A6</div><div class="px-3 py-1">OWASP 2010-A1</div><div class="px-3 py-1">OWASP 2007-A2</div><div class="px-3 py-1">GHSA-549p-5c7f-c5p4</div><div class="px-3 py-1">CWE-79</div><div class="px-3 py-1">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</div><div class="px-3 py-1">CVE-2024-51434</div><div class="px-3 py-1">CAPEC-310</div></div></div></aside></main><script type="application/ld+json">[{ "@context": "https://schema.org", "@type": "BreadcrumbList", "itemListElement": [{ "@type": "ListItem", "position": 1, "name": "Security Vulnerabilities", "item": "https://www.thesmartscanner.com/vulnerability-list/" },{ "@type": "ListItem", "position": 2, "name": "Froala WYSIWYG editor allows cross-site scripting (XSS) - CVE-2024-51434" }] }, { "@context": "https://schema.org", "@type": "TechArticle", "headline": "Froala WYSIWYG editor allows cross-site scripting (XSS) - CVE-2024-51434" }]</script><footer class="bg-[#EBF4F0] pt-[52px] lg:pt-20 [&_a]:leading-5 [&_a]:block"><div class="max-w-6xl mx-auto bg-[#EBF4F0]"><div class="flex flex-wrap justify-between mb-9 text-neutral-710 px-4 xl:px-0 gap-6"><div class="w-52"><h4 class="font-semibold text-lg lg:text-xl leading-snug lg:leading-tight mb-4 lg:mb-7 text-neutral-725">Product</h4><a href="/features" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Why SmartScanner?</a> <a href="/download" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Download</a> <a href="/pricing" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Plans and Pricing</a> <a href="/changelog" class="resetLink hover:text-emerald-750 hover:underline">What’s New?</a></div><div class="w-52"><h4 class="font-semibold text-lg lg:text-xl leading-snug lg:leading-tight mb-4 lg:mb-7 text-neutral-725">Security Solutions</h4><a href="/ai-driven-vulnerability-scanner/" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">AI-Driven Vulnerability Scanner</a> <a href="/vulnerability-scanner/" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Vulnerability Scanner</a> <a href="/web-vulnerability-scanner/" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Web Vulnerability Scanner</a> <a href="/api-security-scanner/" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">API Security Scanner</a> <a href="/owasp-top-10-scanner/" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">OWASP Top 10 Scanner</a> <a href="/pentest-automation-tool/" class="resetLink hover:text-emerald-750 hover:underline">Pentest Automation Tool</a></div><div class="w-52"><h4 class="font-semibold text-lg lg:text-xl leading-snug lg:leading-tight mb-4 lg:mb-7 text-neutral-725">Comparison</h4><a href="/owasp-zap-alternative" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">OWASP ZAP alternative</a> <a href="/netsparker-alternative" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Netsparker alternative</a> <a href="/acunetix-alternative" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Acunetix alternative</a> <a href="/burp-suite-alternative" class="resetLink hover:text-emerald-750 hover:underline">Burp alternative</a></div><div class="w-52"><h4 class="font-semibold text-lg lg:text-xl leading-snug lg:leading-tight mb-4 lg:mb-7 text-neutral-725">Resource</h4><a href="/blog/" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Blog</a> <a href="/docs/" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Documentation</a> <a href="/vulnerability-list/" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Security Vulnerabilities</a> <a href="/tools/robotstxt/" class="resetLink hover:text-emerald-750 hover:underline">Online Robottxt Validator</a></div><div class="w-52"><h4 class="font-semibold text-lg lg:text-xl leading-snug lg:leading-tight mb-4 lg:mb-7 text-neutral-725">Support</h4><a href="/contact" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">Contact Form</a> <a href="/support#faq" class="resetLink hover:text-emerald-750 hover:underline mb-3 lg:mb-4">FAQ</a><div class="flex gap-3"><a href="https://twitter.com/TheSmartScanner" class="resetLink hover:text-emerald-750 hover:underline" aria-labelledby="svgXid"><svg width="25" height="25" viewBox="0 0 25 25" fill="currentColor " xmlns="http://www.w3.org/2000/svg" aria-hidden="true"><title id="svgXid">Click to go to SmartScanner's X (Twitter) page</title><path d="M3.59812 3.80762L10.4745 13.0299L3.55469 20.5259H5.11294L11.1695 13.9611L16.0641 20.5259H21.3633L14.1014 10.7863L20.5407 3.80762H18.9852L13.4064 9.85233L8.89998 3.80762H3.59812ZM5.88935 4.95666H8.32446L19.0748 19.3741H16.6397L5.88935 4.95666Z"/></svg></a><a href="mailto:support@thesmartscanner.com" class="resetLink hover:text-emerald-750 hover:underline" aria-labelledby="svgMailid"><svg width="25" height="25" viewBox="0 0 25 25" fill="currentColor " xmlns="http://www.w3.org/2000/svg" aria-hidden="true"><title id="svgMailid">Click to send an email to SmartScanner in your email software</title><path d="M5.07241 19.1689C4.61216 19.1689 4.22786 19.0148 3.91953 18.7064C3.6112 18.3981 3.45703 18.0138 3.45703 17.5536V6.78432C3.45703 6.32407 3.6112 5.93978 3.91953 5.63145C4.22786 5.32311 4.61216 5.16895 5.07241 5.16895H19.8417C20.3019 5.16895 20.6862 5.32311 20.9945 5.63145C21.3029 5.93978 21.457 6.32407 21.457 6.78432V17.5536C21.457 18.0138 21.3029 18.3981 20.9945 18.7064C20.6862 19.0148 20.3019 19.1689 19.8417 19.1689H5.07241ZM12.457 12.2843L4.45703 7.05357V17.5536C4.45703 17.7331 4.51472 17.8805 4.63011 17.9959C4.74549 18.1113 4.89292 18.1689 5.07241 18.1689H19.8417C20.0211 18.1689 20.1686 18.1113 20.284 17.9959C20.3993 17.8805 20.457 17.7331 20.457 17.5536V7.05357L12.457 12.2843ZM12.457 11.1689L20.1493 6.16895H4.76473L12.457 11.1689ZM4.45703 7.05357V6.16895V17.5536C4.45703 17.7331 4.51472 17.8805 4.63011 17.9959C4.74549 18.1113 4.89292 18.1689 5.07241 18.1689H4.45703V7.05357Z"/></svg></a></div></div></div><div class="flex flex-wrap justify-between border-t border-neutral-300 py-5 lg:py-6 px-4 xl:px-0 text-neutral-710 gap-3"><div class="flex gap-2 items-center"><span>©</span> <a href="/" class="resetLink hover:text-emerald-750 hover:underline">TheSmartScanner.com</a></div><div class="flex flex-wrap gap-3"><a href="/privacy" class="resetLink hover:text-emerald-750 hover:underline">Privacy Policy</a> <a href="/terms" class="resetLink hover:text-emerald-750 hover:underline">Terms of Service</a> <a href="/eula" class="resetLink hover:text-emerald-750 hover:underline">EULA</a></div></div></div></footer><link rel="prefetch" href="/assets/js/prism.js"><div id="cookieConsent" style="display:none;" class="flex py-4 px-4 lg:px-6 shadow-[0_-4px_8px_0px_rgba(0,0,0,0.1)] fixed bottom-0 left-0 w-full justify-between items-center flex-wrap lg:flex-nowrap gap-4 text-sm bg-white/60 backdrop-blur-md"><p class="text-base mx-auto m-0 pr-4 lg:pr-0">We use cookies to enhance quality of our services and to analyze traffic. Read our <a href="/privacy" class="resetLink underline">privacy policy</a>.</p><div class="flex gap-2 w-full lg:w-fit"><button onclick="consent.accept()" class="w-full lg:w-fit text-emerald-750 border border-emerald-750 rounded-[7px] h-10 min-w-24 flex items-center text-center justify-center bg-white transition-colors hover:text-emerald-750 hover:bg-emerald-25 active:bg-teal-100">OK, got it</button> <button onclick="consent.reject()" class="py-1 px-2 hover:text-black absolute top-3 right-2 lg:[position:initial]">X</button></div></div><script defer="defer" type="text/javascript" src="/assets/js/cookie.min.js"></script></body></html>