Wysiwyg Editor
by Froala
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-53950 | Cri | 0.64 | 9.8 | 0.00 | Dec 19, 2025 | InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to… | ||
| CVE-2024-51434 | Med | 0.40 | 6.1 | 0.01 | Nov 7, 2024 | Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier. |
- risk 0.64cvss 9.8epss 0.00
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to…
- risk 0.40cvss 6.1epss 0.01
Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier.