Lucene search
Veracode Vulnerability DatabaseVERACODE:32737HistoryOct 27, 2021 - 4:15 a.m.
Cross-site Scripting (XSS)
2021-10-2704:15:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.001 Low
EPSS
Percentile
30.2%
froala/wysiwyg-editor is vulnerable to cross-site scripting attacks. The vulnerability exists because the ‘html.insert’ in the Insert Video function does not properly sanitize the user input, which allows a malicious attacker to inject and execute arbitrary web script.
| CPE | Name | Operator | Version |
|---|---|---|---|
| froala/wysiwyg-editor | le | v3.1.0 | |
| froala/wysiwyg-editor | le | v3.1.0 |
Related
cvelist
cvelist
CVE-2020-22864
2021-10-26 21:08:14
cve
cve
CVE-2020-22864
2021-10-26 22:15:08
osv
osv
Cross site scripting in froala-editor
2021-10-28 23:14:06
CVE-2020-22864
2021-10-26 22:15:08
nvd
nvd
CVE-2020-22864
2021-10-26 22:15:08
prion
prion
Cross site scripting
2021-10-26 22:15:00
github
github
Cross site scripting in froala-editor
2021-10-28 23:14:06