Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-H236-G5GH-VQ6C
HistoryFeb 10, 2022 - 11:32 p.m.

DOM-based cross-site scripting in Froala Editor

2022-02-1023:32:51
Google
osv.dev
13

0.011 Low

EPSS

Percentile

84.9%

JSON

Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications. A DOM-based cross-site scripting (XSS) vulnerability exists in versions before 3.2.3 because HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker that can control the editor content to execute arbitrary JavaScript in the context of the victim’s session.

CPENameOperatorVersion
froala-editorlt3.2.3

Related

nvd 1
packetstorm 1
zdt 1
prion 1
github 1
osv 1
cve 1
veracode 1
cvelist 1
hackerone 1
nvd
nvd
CVE-2019-19935
2020-07-07 16:15:10
packetstorm
packetstorm
Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting
2020-07-03 00:00:00
zdt
zdt
Froala WYSIWYG HTML Editor 3.1.1 Cross Site Scripting Vulnerability
2020-07-04 00:00:00
prion
prion
Cross site scripting
2020-07-07 16:15:00
github
github
DOM-based cross-site scripting in Froala Editor
2022-02-10 23:32:51
osv
osv
CVE-2019-19935
2020-07-07 16:15:10
cve
cve
CVE-2019-19935
2020-07-07 16:15:10
veracode
veracode
Cross-site Scripting (XSS)
2022-02-11 07:02:07
cvelist
cvelist
CVE-2019-19935
2020-07-07 15:40:15
hackerone
hackerone
lemlist: CVE-2019-19935 - DOM based XSS in the froala editor
2020-07-23 14:13:49

0.011 Low

EPSS

Percentile

84.9%

JSON
Related for OSV:GHSA-H236-G5GH-VQ6C
nvd1packetstorm1zdt1prion1github1osv1cve1veracode1cvelist1hackerone1