Vendor
Froala
Products
2
CVEs
4
Across products
4
Status
Private
Products
2- 2 CVEs
- 2 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-53950 | Cri | 0.64 | 9.8 | 0.00 | Dec 19, 2025 | InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to… | ||
| CVE-2024-51434 | Med | 0.40 | 6.1 | 0.01 | Nov 7, 2024 | Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier. | ||
| CVE-2023-43263 | 0.00 | — | 0.01 | Sep 26, 2023 | A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. | |||
| CVE-2023-42426 | 0.00 | — | 0.00 | Sep 25, 2023 | Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. |
- risk 0.64cvss 9.8epss 0.00
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to…
- risk 0.40cvss 6.1epss 0.01
Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier.
- CVE-2023-43263Sep 26, 2023risk 0.00cvss —epss 0.01
A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component.
- CVE-2023-42426Sep 25, 2023risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.