b0marek / CVE-2023-42426

Repository for CVE-2023-42426 vulnerability.


CVE ID: CVE-2023-42426

Vulnerability Type: Cross-Site Scripting

Description: Cross-site scripting (XSS) vulnerability in Froala Editor v4.1.1 allows remote attackers to execute arbitrary code via the 'Insert Link' parameter of the 'Insert Image' component. The link target entered by the user is written into the image's link attribute without being validated or escaped, so a value containing a double quote terminates the attribute and the remainder is interpreted as additional attributes.

Steps to reproduce:

  1. Select the "Insert Image" option and add a new image.
  2. Click on the added image, then use the "Insert Link" option and input the payload: https://example.com" onmouseover='alert(xss)'
     (screenshot in the original repository)
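The root cause described above is an unvalidated link target being placed inside an HTML attribute. As an added example (not Froala's code and not part of this repository), the following shows the defending side: a validator that rejects any link value able to break out of the attribute or use a non-allowlisted scheme, and an attribute encoder used when the anchor markup is built. The function names, the scheme allowlist and the sample inputs are assumptions constructed for this illustration; the rejected input is the payload from the steps above.

```javascript
// Added example: validating a user-supplied "Insert Link" value before it is
// written into <a href="..."> around an image. Not Froala's implementation.

// Hypothetical allowlist of URL schemes a link target may use.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Returns a normalized, safe absolute URL string, or null if the value is rejected.
function sanitizeLinkHref(rawValue) {
  if (typeof rawValue !== "string") return null;
  const value = rawValue.trim();

  // Quotes, angle brackets and whitespace can never be part of a valid
  // absolute URL; they are exactly what an attribute-breakout needs.
  if (/["'<>\s]/.test(value)) return null;

  let parsed;
  try {
    parsed = new URL(value); // throws on anything that is not an absolute URL
  } catch {
    return null; // relative URLs are out of scope for this example
  }

  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  return parsed.href; // normalized form, e.g. trailing slash added
}

// Encodes a value for placement inside a double-quoted HTML attribute.
// Defense in depth: even if validation were bypassed, the quote cannot close
// the attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Builds the linked-image markup; returns null when the link target is rejected
// so the caller can show an error instead of inserting anything.
function buildImageLink(rawHref, imgSrc) {
  const href = sanitizeLinkHref(rawHref);
  if (href === null) return null;
  return `<a href="${escapeAttr(href)}"><img src="${escapeAttr(imgSrc)}"></a>`;
}

// Constructed sample inputs: the payload from the reproduction steps and a
// benign link target.
const PAYLOAD = "https://example.com\" onmouseover='alert(xss)'";
const BENIGN = "https://example.com";

module.exports = { sanitizeLinkHref, escapeAttr, buildImageLink, PAYLOAD, BENIGN };
```

The check runs before the value reaches the DOM, and the encoder runs when markup is produced; an editor that instead concatenates the raw value into an attribute string relies on neither and is exposed to exactly the breakout shown in step 2.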

Reference:

  1. https://cve.report/CVE-2023-42426
  2. froala/wysiwyg-editor#4678
  3. https://froala.com
