Vulnerable Library - froala-editor-3.2.1.tgz
The next generation Javascript WYSIWYG HTML rich text editor made by devs for devs. High performance and modern design make it easy to use for developers and loved by users.
Library home page: https://registry.npmjs.org/froala-editor/-/froala-editor-3.2.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/froala-editor/package.json
Found in HEAD commit: 46f9017bf07d9afe8f4c8706e6bb2bdfc9524486
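Vulnerabilities

| CVE | Reachability |
| --- | --- |
| CVE-2021-30109 | Unreachable |
| CVE-2020-26523 | Unreachable |
| CVE-2020-22864 | Unreachable |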
In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.
Details
CVE-2021-30109
### Vulnerable Library - froala-editor-3.2.1.tgz

The next generation Javascript WYSIWYG HTML rich text editor made by devs for devs. High performance and modern design make it easy to use for developers and loved by users.
Library home page: https://registry.npmjs.org/froala-editor/-/froala-editor-3.2.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/froala-editor/package.json
Dependency Hierarchy:
- :x: **froala-editor-3.2.1.tgz** (Vulnerable Library)
Found in HEAD commit: 46f9017bf07d9afe8f4c8706e6bb2bdfc9524486
Found in base branch: main
### Reachability Analysis

The vulnerable code is unreachable.

### Vulnerability Details

Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.
Publish Date: 2021-04-05
URL: CVE-2021-30109
### CVSS 3 Score Details (6.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-30109
Release Date: 2021-04-05
Fix Resolution: 3.2.6-1
In order to enable automatic remediation, please create workflow rules
CVE-2020-26523
### Vulnerable Library - froala-editor-3.2.1.tgz

The next generation Javascript WYSIWYG HTML rich text editor made by devs for devs. High performance and modern design make it easy to use for developers and loved by users.
Library home page: https://registry.npmjs.org/froala-editor/-/froala-editor-3.2.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/froala-editor/package.json
Dependency Hierarchy:
- :x: **froala-editor-3.2.1.tgz** (Vulnerable Library)
Found in HEAD commit: 46f9017bf07d9afe8f4c8706e6bb2bdfc9524486
Found in base branch: main
### Reachability Analysis

The vulnerable code is unreachable.

### Vulnerability Details

Froala Editor before 3.2.2 allows XSS via pasted content.
Publish Date: 2020-10-02
URL: CVE-2020-26523
### CVSS 3 Score Details (6.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version
Origin: https://froala.com/wysiwyg-editor/changelog/#3.2.2
Release Date: 2020-10-02
Fix Resolution: 3.2.2
CVE-2020-22864
### Vulnerable Library - froala-editor-3.2.1.tgz

The next generation Javascript WYSIWYG HTML rich text editor made by devs for devs. High performance and modern design make it easy to use for developers and loved by users.
Library home page: https://registry.npmjs.org/froala-editor/-/froala-editor-3.2.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/froala-editor/package.json
Dependency Hierarchy:
- :x: **froala-editor-3.2.1.tgz** (Vulnerable Library)
Found in HEAD commit: 46f9017bf07d9afe8f4c8706e6bb2bdfc9524486
Found in base branch: main
### Reachability Analysis

The vulnerable code is unreachable.

### Vulnerability Details

A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.
Publish Date: 2021-10-26
URL: CVE-2020-22864
### CVSS 3 Score Details (6.1)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: None

### Suggested Fix

Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-22864
Release Date: 2021-10-26
Fix Resolution: 4.0.7
In order to enable automatic remediation for this issue, please create workflow rules