froala/wysiwyg-editor is vulnerable to cross-site scripting attacks. The vulnerability exists because the ‘html.insert’ in the Insert Video function does not properly sanitize the user input, which allows a malicious attacker to inject and execute arbitrary web script.
CPE | Name | Operator | Version |
---|---|---|---|
froala/wysiwyg-editor | le | v3.1.0 | |
froala/wysiwyg-editor | le | v3.1.0 |