Description Froala Editor before 3.2.2 allows XSS via pasted content. Remediation References https://froala.com/wysiwyg-editor/changelog/ Related Vulnerabilities CVE-2018-5158 Vulnerability in maven package org.webjars.bowergithub.mozilla:pdfjs-dist CVE-2018-1260 Vulnerability in maven package org.springframework.security.oauth:spring-security-oauth2 CVE-2022-22984 Vulnerability in npm package @snyk/snyk-hex-plugin CVE-2020-9488 Vulnerability in maven package org.apache.logging.log4j:log4j-core CVE-2021-26272 Vulnerability in npm package ckeditor4-dev Severity High Classification CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Release Notes Vendor Advisory