6 matches found
@averystupidtest/reditor (=3.0.10), @beisen-oneops/amis-ui (>=1.0.0 <=1.0.6) +122 more potentially affected by CVE-2019-19935 via froala-editor (>=2.3.5 <=3.2.2)
froala-editor NPM version =2.3.5, =1.0.0, =1.0.0, =1.0.0, =6.10.0, =0.1.0, =6.12.0-beat1, =0.0.1, =0.1.0, =0.0.6, =0.0.5, =0.0.5, =0.2.3 and more Source cves: CVE-2019-19935 Source advisory: OSV:GHSA-H236-G5GH-VQ6C...
lemlist: CVE-2019-19935 - DOM based XSS in the froala editor
Summary: A stored XSS flow exist in the froala editor used in the web application. This can be trigger by using the code view of the editor Steps To Reproduce: 1. Start a new campaign 2. fill all the fieds and choose blank email template for the message 3. Switch to code editor view and inject "...
CVE-2019-19935
Froala Editor before 3.2.3 allows XSS...
CVE-2019-19935
Froala Editor before 3.2.3 allows XSS...
CVE-2019-19935
Froala Editor before 3.2.3 allows XSS...
CVE-2019-19935
Froala Editor prior to 3.2.3 is vulnerable to DOM-based XSS due to improper sanitization when HTML is inserted into the DOM. Affected versions include 3.2.2 and earlier; exploitation can occur via editor content manipulation (e.g., switching to code view). Remediation: upgrade to 3.2.3 or later w...