CVE-2020-22864: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

October 28, 2021 (updated October 29, 2021)

A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.

References

github.com/418sec/wysiwyg-editor/pull/1
github.com/advisories/GHSA-97x5-cc53-cv4v
github.com/froala/wysiwyg-editor/issues/3880
github.com/froala/wysiwyg-editor/pull/3911
nvd.nist.gov/vuln/detail/CVE-2020-22864
www.youtube.com/watch?v=WE3b1iSnWJY

Detect and mitigate CVE-2020-22864 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →