GHSA-rr6v-h7m8-wc9f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rr6v-h7m8-wc9f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-rr6v-h7m8-wc9f/GHSA-rr6v-h7m8-wc9f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rr6v-h7m8-wc9f
- Aliases
- Published
- 2021-07-19T21:21:33Z
- Modified
- 2024-02-18T05:29:09.086328Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting in Froala WYSIWYG Editor
- Details
-
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.
- Database specific
{ "nvd_published_at": "2021-07-16T13:15:00Z", "severity": "MODERATE", "github_reviewed_at": "2021-07-19T16:39:49Z", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
Affected packages
Packagist / froala/wysiwyg-editor
Package
- Name
- froala/wysiwyg-editor
- Purl
- pkg:composer/froala/wysiwyg-editor
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.2.7
Affected versions
v2.*
v2.3.5
v2.4.0-rc.1
v2.4.0
v2.4.1
v2.4.2
v2.5.0
v2.5.1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.7.0
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8
2.*
2.7.1
v3.*
v3.0.0-beta.1
v3.0.0-beta.2
v3.0.0-rc.1
v3.0.0-rc.2
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.1.0
v3.1.1
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.5.2
v3.2.6