(Security Issue) Cross-site scripting (XSS) vulnerability in Froala Editor allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.

Question

(Security Issue) Cross-site scripting (XSS) vulnerability in Froala Editor allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.

AlaaAl-Awadat opened this issue 5 months ago · comments

Dependency npm:froala-editor:4.1.4 is vulnerable

Cross-site scripting (XSS) vulnerability in Froala Editor allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.

CVE-2023-42426 6.1 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability with Medium severity found