CVE-2021-30109: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

October 6, 2021

Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.

References

froala.com/
github.com/Hackdwerg/CVE-2021-30109/blob/main/README.md
github.com/advisories/GHSA-cq6w-w5rj-p9x8
nvd.nist.gov/vuln/detail/CVE-2021-30109

Detect and mitigate CVE-2021-30109 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →