CVE ID: CVE-2023-42426
Vulnerability Type: Cross-Site Scripting
Description: Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.
Steps to reproduce:
- Select the "Insert Image" option and add a new image.
- Click on the added image, then use the "Insert Link" option and input the payload: https://example.com" onmouseover='alert(xss)'.
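
Why a link value like the one in the steps above yields an extra event-handler attribute when it is concatenated into a double-quoted href, next to a hardened counterpart. This is an added example, not Froala's code: all function names are hypothetical, and the scheme allowlist goes beyond the single payload on the page.

```javascript
// Constructed input: the link value from the reproduction steps above.
const SAMPLE_LINK = `https://example.com" onmouseover='alert(xss)'`;
const SAMPLE_IMG = '<img src="cat.png">'; // constructed image markup

// Hypothetical "before": the link value is concatenated into the markup unescaped,
// so the double quote in the input closes href and the rest becomes a new attribute.
function wrapImageUnsafe(imgHtml, link) {
  return '<a href="' + link + '">' + imgHtml + '</a>';
}

// Escape every character that can end an attribute value or open a tag.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => '&#' + c.charCodeAt(0) + ';');
}

// Hardened: accept only absolute URLs with an allowlisted scheme, then escape
// the normalised URL for the attribute context. Anything else stays unlinked.
function wrapImageSafe(imgHtml, link) {
  let url;
  try {
    url = new URL(String(link).trim());
  } catch (e) {
    return imgHtml; // does not parse as an absolute URL
  }
  if (!['http:', 'https:', 'mailto:'].includes(url.protocol)) return imgHtml;
  return '<a href="' + escapeAttr(url.href) + '">' + imgHtml + '</a>';
}

// Check helper: list the attribute names on the opening <a> tag so that an
// injected attribute (anything other than href) is easy to spot.
function anchorAttributeNames(html) {
  const tag = (html.match(/^<a\b[^>]*>/) || [''])[0];
  const names = [];
  const re = /\s([a-zA-Z-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1].toLowerCase());
  return names;
}

console.log('unsafe:', anchorAttributeNames(wrapImageUnsafe(SAMPLE_IMG, SAMPLE_LINK)));
console.log('safe:  ', wrapImageSafe(SAMPLE_IMG, SAMPLE_LINK));
```
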
Reference: