Description
Froala Editor before 3.2.3 allows XSS.
Remediation
References
http://packetstormsecurity.com/files/158300/Froala-WYSIWYG-HTML-Editor-3.1.1-Cross-Site-Scripting.html
https://blog.compass-security.com/2020/07/yet-another-froala-0-day-xss/
https://compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2020-004_DOM_XSS_in_Froala_WYSIWYG_HTML_Editor.txt
https://github.com/froala/wysiwyg-editor/compare/v3.0.5...v3.0.6
https://snyk.io/vuln/npm:froala-editor
Related Vulnerabilities
CVE-2022-40764 Vulnerability in npm package snyk-go-plugin
CVE-2018-15685 Vulnerability in npm package electron
CVE-2023-32314 Vulnerability in maven package org.webjars.npm:vm2
CVE-2023-46660 Vulnerability in maven package org.jenkins-ci.plugins:zanata
CVE-2008-6504 Vulnerability in maven package org.apache.struts:struts2-core