Package details: pkg:npm/froala-editor@3.2.4
purl pkg:npm/froala-editor@3.2.4
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (4)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-3mjr-5k5j-h3ew (aliases: CVE-2020-22864, GHSA-97x5-cc53-cv4v) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. | 4.0.11 (affected by 2 other vulnerabilities) |
| VCID-9153-xwpf-skgy (aliases: CVE-2024-51434, GHSA-549p-5c7f-c5p4) | Froala WYSIWYG editor allows cross-site scripting (XSS): Inconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier. | There are no reported fixed by versions. |
| VCID-je93-db45-akd3 (aliases: CVE-2021-30109, GHSA-cq6w-w5rj-p9x8) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. | 3.2.7 (affected by 2 other vulnerabilities) |
| VCID-pmnu-pk72-qybr (aliases: CVE-2021-28114, GHSA-rr6v-h7m8-wc9f) | Cross-site Scripting: Froala WYSIWYG Editor is affected by XSS due to a namespace confusion during parsing. | 3.2.7 (affected by 2 other vulnerabilities) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-06T05:30:22.172670+00:00 | GitLab Importer | Affected by | VCID-9153-xwpf-skgy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2024-51434.yml | 38.6.0 |
| 2026-06-06T01:04:20.254905+00:00 | GitLab Importer | Affected by | VCID-3mjr-5k5j-h3ew | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2020-22864.yml | 38.6.0 |
| 2026-06-06T01:01:30.162753+00:00 | GitLab Importer | Affected by | VCID-je93-db45-akd3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2021-30109.yml | 38.6.0 |
| 2026-06-06T00:48:30.890498+00:00 | GitLab Importer | Affected by | VCID-pmnu-pk72-qybr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2021-28114.yml | 38.6.0 |