{"url":"http://public2.vulnerablecode.io/api/packages/529932?format=json","purl":"pkg:npm/froala-editor@2.0.2","type":"npm","namespace":"","name":"froala-editor","version":"2.0.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41642?format=json","vulnerability_id":"VCID-3mjr-5k5j-h3ew","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22864","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58296","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58347","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58327","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58342","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58352","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58343","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-22864"},{"reference_url":"https://github.com/418sec/wysiwyg-editor/pull/1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/418sec/wysiwyg-editor/pull/1"},{"reference_url":"https://github.com/froala/wysiwyg-editor","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froala/wysiwyg-editor"},{"reference_url":"https://github.com/froala/wysiwyg-editor/issues/3880","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froala/wysiwyg-editor/issues/3880"},{"reference_url":"https://github.com/froala/wysiwyg-editor/pull/3911","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froala/wysiwyg-editor/pull/3911"},{"reference_url":"https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froala/wysiwyg-editor/releases/tag/v4.0.11"},{"reference_url":"https://www.youtube.com/watch?v=WE3b1iSnWJY","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.youtube.com/watch?v=WE3b1iSnWJY"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22864","reference_id":"CVE-2020-22864","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-22864"},{"reference_url":"https://github.com/advisories/GHSA-97x5-cc53-cv4v","reference_id":"GHSA-97x5-cc53-cv4v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-97x5-cc53-cv4v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/140620?format=json","purl":"pkg:npm/froala-editor@4.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9153-xwpf-skgy"},{"vulnerability":"VCID-bupg-2wet-vfat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/froala-editor@4.0.11"}],"aliases":["CVE-2020-22864","GHSA-97x5-cc53-cv4v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mjr-5k5j-h3ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56151?format=json","vulnerability_id":"VCID-9153-xwpf-skgy","summary":"Froala WYSIWYG editor allows cross-site scripting (XSS)\nInconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51434","reference_id":"","reference_type":"","scores":[{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66386","published_at":"2026-06-06T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66375","published_at":"2026-06-09T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66357","published_at":"2026-06-08T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.6637","published_at":"2026-06-07T12:55:00Z"},{"value":"0.005","scoring_system":"epss","scoring_elements":"0.66377","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51434"},{"reference_url":"https://georgyg.com/home/froala-wysiwyg-editor---xss-cve-2024-51434","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://georgyg.com/home/froala-wysiwyg-editor---xss-cve-2024-51434"},{"reference_url":"https://github.com/froala/wysiwyg-editor","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froala/wysiwyg-editor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51434","reference_id":"CVE-2024-51434","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51434"},{"reference_url":"https://georgyg.com/home/froala-wysiwyg-editor---xss-cve-2024-51434/","reference_id":"froala-wysiwyg-editor---xss-cve-2024-51434","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-08T16:29:42Z/"}],"url":"https://georgyg.com/home/froala-wysiwyg-editor---xss-cve-2024-51434/"},{"reference_url":"https://github.com/advisories/GHSA-549p-5c7f-c5p4","reference_id":"GHSA-549p-5c7f-c5p4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-549p-5c7f-c5p4"}],"fixed_packages":[],"aliases":["CVE-2024-51434","GHSA-549p-5c7f-c5p4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9153-xwpf-skgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42370?format=json","vulnerability_id":"VCID-9yss-6cdd-9bge","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nFroala Editor before 3.2.3 allows XSS.","references":[{"reference_url":"http://packetstormsecurity.com/files/158300/Froala-WYSIWYG-HTML-Editor-3.1.1-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/158300/Froala-WYSIWYG-HTML-Editor-3.1.1-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19935","reference_id":"","reference_type":"","scores":[{"value":"0.02161","scoring_system":"epss","scoring_elements":"0.84608","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02161","scoring_system":"epss","scoring_elements":"0.8462","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02161","scoring_system":"epss","scoring_elements":"0.84596","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02161","scoring_system":"epss","scoring_elements":"0.84622","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02161","scoring_system":"epss","scoring_elements":"0.84625","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02161","scoring_system":"epss","scoring_elements":"0.84621","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19935"},{"reference_url":"https://blog.compass-security.com/2020/07/yet-another-froala-0-day-xss","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.compass-security.com/2020/07/yet-another-froala-0-day-xss"},{"reference_url":"https://blog.compass-security.com/2020/07/yet-another-froala-0-day-xss/","reference_id":"","reference_type":"","scores":[],"url":"https://blog.compass-security.com/2020/07/yet-another-froala-0-day-xss/"},{"reference_url":"https://compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2020-004_DOM_XSS_in_Froala_WYSIWYG_HTML_Editor.txt","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2020-004_DOM_XSS_in_Froala_WYSIWYG_HTML_Editor.txt"},{"reference_url":"https://froala.com/wysiwyg-editor/changelog/#3.2.3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://froala.com/wysiwyg-editor/changelog/#3.2.3"},{"reference_url":"https://github.com/froala/wysiwyg-editor/compare/v3.0.5...v3.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froala/wysiwyg-editor/compare/v3.0.5...v3.0.6"},{"reference_url":"https://github.com/froala/wysiwyg-editor-release","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froala/wysiwyg-editor-release"},{"reference_url":"https://snyk.io/vuln/npm:froala-editor","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://snyk.io/vuln/npm:froala-editor"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19935","reference_id":"CVE-2019-19935","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19935"},{"reference_url":"https://github.com/advisories/GHSA-h236-g5gh-vq6c","reference_id":"GHSA-h236-g5gh-vq6c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h236-g5gh-vq6c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60599?format=json","purl":"pkg:npm/froala-editor@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3mjr-5k5j-h3ew"},{"vulnerability":"VCID-9153-xwpf-skgy"},{"vulnerability":"VCID-je93-db45-akd3"},{"vulnerability":"VCID-pmnu-pk72-qybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/froala-editor@3.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/147766?format=json","purl":"pkg:npm/froala-editor@3.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3mjr-5k5j-h3ew"},{"vulnerability":"VCID-9153-xwpf-skgy"},{"vulnerability":"VCID-je93-db45-akd3"},{"vulnerability":"VCID-pmnu-pk72-qybr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/froala-editor@3.2.3"}],"aliases":["CVE-2019-19935","GHSA-h236-g5gh-vq6c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9yss-6cdd-9bge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41540?format=json","vulnerability_id":"VCID-je93-db45-akd3","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nFroala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.","references":[{"reference_url":"http://froala.com","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://froala.com"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30109","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54503","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54467","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54525","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54534","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54524","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-30109"},{"reference_url":"https://github.com/froala/wysiwyg-editor-release","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/froala/wysiwyg-editor-release"},{"reference_url":"https://github.com/Hackdwerg/CVE-2021-30109/blob/main/README.md","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Hackdwerg/CVE-2021-30109/blob/main/README.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30109","reference_id":"CVE-2021-30109","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-30109"},{"reference_url":"https://github.com/advisories/GHSA-cq6w-w5rj-p9x8","reference_id":"GHSA-cq6w-w5rj-p9x8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cq6w-w5rj-p9x8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58443?format=json","purl":"pkg:npm/froala-editor@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3mjr-5k5j-h3ew"},{"vulnerability":"VCID-9153-xwpf-skgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/froala-editor@3.2.7"}],"aliases":["CVE-2021-30109","GHSA-cq6w-w5rj-p9x8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-je93-db45-akd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41228?format=json","vulnerability_id":"VCID-pmnu-pk72-qybr","summary":"Cross-site Scripting\nFroala WYSIWYG Edit is affected by XSS due to a namespace confusion during parsing.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28114","reference_id":"","reference_type":"","scores":[{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68997","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68952","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68991","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.69","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68994","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68977","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28114"},{"reference_url":"https://froala.com/wysiwyg-editor","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://froala.com/wysiwyg-editor"},{"reference_url":"https://froala.com/wysiwyg-editor/","reference_id":"","reference_type":"","scores":[],"url":"https://froala.com/wysiwyg-editor/"},{"reference_url":"https://labs.bishopfox.com/advisories","reference_id":"","reference_type":"","scores":[],"url":"https://labs.bishopfox.com/advisories"},{"reference_url":"https://labs.bishopfox.com/advisories/froala-editor-v3.2.6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://labs.bishopfox.com/advisories/froala-editor-v3.2.6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28114","reference_id":"CVE-2021-28114","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28114"},{"reference_url":"https://github.com/advisories/GHSA-rr6v-h7m8-wc9f","reference_id":"GHSA-rr6v-h7m8-wc9f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rr6v-h7m8-wc9f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58443?format=json","purl":"pkg:npm/froala-editor@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3mjr-5k5j-h3ew"},{"vulnerability":"VCID-9153-xwpf-skgy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/froala-editor@3.2.7"}],"aliases":["CVE-2021-28114","GHSA-rr6v-h7m8-wc9f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmnu-pk72-qybr"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/froala-editor@2.0.2"}