npm package
froala-editor
pkg:npm/froala-editor
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-51434 | Med | 6.1 | | <= 4.3.0 | — | Nov 7, 2024 | Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier. |
| CVE-2023-41592 | — | | | >= 4.0.1, < 4.1.4 | 4.1.4 | Sep 14, 2023 | Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2020-22864 | — | | | < 4.0.11 | 4.0.11 | Oct 26, 2021 | A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2021-30109 | — | | | <= 3.2.6 | — | Apr 5, 2021 | Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. |
| CVE-2019-19935 | — | | | < 3.2.3 | 3.2.3 | Jul 7, 2020 | Froala Editor before 3.2.3 allows XSS. |