Packagist (Composer) package
froala/wysiwyg-editor
pkg:composer/froala/wysiwyg-editor
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-51434 | Med | 6.1 | | <= 4.3.0 | — | Nov 7, 2024 | Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier. |
| CVE-2023-41592 | — | | | >= 4.0.1, < 4.1.4 | 4.1.4 | Sep 14, 2023 | Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2021-28114 | — | | | < 3.2.7 | 3.2.7 | Jul 16, 2021 | Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. |
| CVE-2020-26523 | — | | | < 3.2.2 | 3.2.2 | Oct 2, 2020 | Froala Editor before 3.2.2 allows XSS via pasted content. |