GHSA-qrhq-x7xh-2784
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qrhq-x7xh-2784
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qrhq-x7xh-2784/GHSA-qrhq-x7xh-2784.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qrhq-x7xh-2784
- Aliases
- Published
- 2022-05-24T17:30:01Z
- Modified
- 2024-02-22T05:34:24.069995Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Froala WYSIWYG Editor XSS Vulnerability
- Details
-
Froala Editor before 3.2.2 allows XSS via pasted content.
- Database specific
{ "nvd_published_at": "2020-10-02T07:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-13T23:09:43Z" }- References
Affected packages
Packagist / froala/wysiwyg-editor
Package
- Name
- froala/wysiwyg-editor
- Purl
- pkg:composer/froala/wysiwyg-editor
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.2
Affected versions
v2.*
v2.3.5
v2.4.0-rc.1
v2.4.0
v2.4.1
v2.4.2
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8
2.*
2.7.1
v3.*
v3.0.0-beta.1
v3.0.0-beta.2
v3.0.0-rc.1
v3.0.0-rc.2
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.1.0
v3.1.1
v3.2.0
v3.2.1