| purl | pkg:npm/froala-editor@3.2.7 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-3mjr-5k5j-h3ew<br>Aliases: CVE-2020-22864, GHSA-97x5-cc53-cv4v | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. | Affected by 2 other vulnerabilities. |
| VCID-9153-xwpf-skgy<br>Aliases: CVE-2024-51434, GHSA-549p-5c7f-c5p4 | Froala WYSIWYG editor allows cross-site scripting (XSS): Inconsistent `<plaintext>` tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-je93-db45-akd3 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. | CVE-2021-30109, GHSA-cq6w-w5rj-p9x8 |
| VCID-pmnu-pk72-qybr | Cross-site Scripting: Froala WYSIWYG Editor is affected by XSS due to a namespace confusion during parsing. | CVE-2021-28114, GHSA-rr6v-h7m8-wc9f |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T05:30:22.198944+00:00 | GitLab Importer | Affected by | VCID-9153-xwpf-skgy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2024-51434.yml | 38.6.0 |
| 2026-06-06T01:04:20.285968+00:00 | GitLab Importer | Affected by | VCID-3mjr-5k5j-h3ew | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2020-22864.yml | 38.6.0 |
| 2026-06-06T01:01:30.189938+00:00 | GitLab Importer | Fixing | VCID-je93-db45-akd3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2021-30109.yml | 38.6.0 |
| 2026-06-02T04:39:29.822858+00:00 | GitLab Importer | Fixing | VCID-pmnu-pk72-qybr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/froala-editor/CVE-2021-28114.yml | 38.6.0 |