GHSA-hvpq-7vcc-5hj5

Severity: medium (5.4)

First published: Fri Sep 15 2023

Last modified: Tue Sep 26 2023

CWE: 79

Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.

Any of

  • composer/froala/wysiwyg-editor
    >=4.0.1, <=4.1.1

FAQ

  • What is the vulnerability ID for the Froala Editor cross-site scripting (XSS) vulnerability?

    The vulnerability ID for the Froala Editor cross-site scripting (XSS) vulnerability is GHSA-hvpq-7vcc-5hj5.

  • What is the severity of the Froala Editor cross-site scripting (XSS) vulnerability?

    The severity of the Froala Editor cross-site scripting (XSS) vulnerability is medium.

  • What software versions are affected by the Froala Editor cross-site scripting (XSS) vulnerability?

    Froala Editor versions 4.0.1 to 4.1.1 are affected by the cross-site scripting (XSS) vulnerability.

  • What is the Common Weakness Enumeration (CWE) ID for the Froala Editor cross-site scripting (XSS) vulnerability?

    The Common Weakness Enumeration (CWE) ID for the Froala Editor cross-site scripting (XSS) vulnerability is CWE-79.

  • Are there any references available for the Froala Editor cross-site scripting (XSS) vulnerability?

    Yes, there are references available for the Froala Editor cross-site scripting (XSS) vulnerability. You can find them at the following URLs:

      • https://nvd.nist.gov/vuln/detail/CVE-2023-41592
      • https://hacker.soarescorp.com/cve/2023-41592/
      • https://owasp.org/Top10/A03_2021-Injection/

SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia
© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203