Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Froala Editor before 3.2.3 allows XSS.
Advisories for Npm/Froala-Editor package
2022
2021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.
Cross-site Scripting
Froala WYSIWYG Edit is affected by XSS due to a namespace confusion during parsing.