Froala Editor vulnerabilities
7 known vulnerabilities affecting froala/froala_editor.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 7
Vulnerabilities
CVE-2021-28114 | P3 | MEDIUM | CVSS 5.4 | fixed in 3.2.7 | 2021-07-16
CWE-79
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.
nvd
CVE-2023-42426 | P4 | MEDIUM | CVSS 6.1 | v4.1.1 | 2023-09-25
CWE-79
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
nvd
CVE-2021-30109 | P4 | MEDIUM | CVSS 6.1 | v3.2.6 | 2021-04-05
CWE-79
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.
nvd
CVE-2020-22864 | P4 | MEDIUM | CVSS 6.1 | v3.1.0 | 2021-10-26
CWE-79
A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.
nvd
CVE-2023-43263 | P4 | MEDIUM | CVSS 6.1 | v4.1.1 | 2023-09-27
CWE-79
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component.
nvd
CVE-2020-26523 | P4 | MEDIUM | CVSS 6.1 | fixed in 3.2.2 | 2020-10-02
CWE-79
Froala Editor before 3.2.2 allows XSS via pasted content.
nvd
CVE-2023-41592 | P4 | MEDIUM | CVSS 5.4 | ≥ 4.0.1, ≤ 4.1.1 | 2023-09-14
CWE-79
Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.
nvd