CVE-2019-19935: XSS
First published: Tue Jul 07 2020(Updated: )
Froala Editor before 3.2.3 allows XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Froala WYSIWYG Editor | <3.2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/158300/Froala-WYSIWYG-HTML-Editor-3.1.1-Cross-Site-Scripting.html
- https://blog.compass-security.com/2020/07/yet-another-froala-0-day-xss/
- https://compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2020-004_DOM_XSS_in_Froala_WYSIWYG_HTML_Editor.txt
- https://github.com/froala/wysiwyg-editor/compare/v3.0.5...v3.0.6
- https://snyk.io/vuln/npm:froala-editor
Frequently Asked Questions
What is CVE-2019-19935?
CVE-2019-19935 is a vulnerability in Froala Editor before version 3.2.3 that allows XSS (Cross-Site Scripting) attacks.
How severe is CVE-2019-19935?
CVE-2019-19935 is considered a medium severity vulnerability with a CVSS score of 6.1.
How does CVE-2019-19935 affect Froala Editor?
CVE-2019-19935 affects Froala Editor versions up to and excluding 3.2.3, allowing for potential XSS attacks.
How can I mitigate the CVE-2019-19935 vulnerability?
To mitigate the CVE-2019-19935 vulnerability, it is recommended to update Froala Editor to version 3.2.3 or later.
Where can I find more information about CVE-2019-19935?
More information about CVE-2019-19935 can be found on the following references: [link1], [link2], [link3].
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/froala
- canonical/froala wysiwyg editor