wysiwyg-editor
XSS vulnerability CVE-2023-41592 still in version 4.2.2
CVE-2023-41592

Component: froala-editor : 4.2.2
Issue: CVE-2023-41592, CVE-2023-42426
Severity: CVE CVSS 3 score 5.4; Sonatype CVSS 3 score 6.1
Weakness: CWE-79
Source: National Vulnerability Database
Categories: Data
Description from CVE: Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.
Explanation: The froala-editor package is vulnerable to Cross-Site Scripting (XSS). When the 'Insert Image' component is used to add a hyperlink to an existing image in a FroalaEditor instance, the editor does not sanitize the href attribute (the link value) of the anchor tag it wraps around the image. An attacker can exploit this by supplying a crafted hyperlink which, if saved on the backend of a website that uses Froala Editor, results in stored XSS when the content is rendered in a visitor's web browser.
Note: While researching CVE-2023-41592, the Sonatype Security Research team also covered the issue that was later assigned CVE-2023-42426. Given the identical nature of the vulnerability and the attack vector, we are treating these CVEs as identical. As such, information for both CVE-2023-41592 and CVE-2023-42426 is captured here.
Given the following Advisory Deviation Notice, we consider CVE-2023-41592 to also cover CVE-2023-43263.
Advisory Deviation Notice: The Sonatype Security Research team tested the provided PoC exploits (see "Additional Resources") against Froala Editor versions <4.0.1 and >=4.1.2 (4.2.1 being the latest version at the time of our Deep Dive research) and observed that the vulnerability could be reproduced in these versions. As such, versions prior to 4.x are also vulnerable, contrary to what is stated in this advisory. Additionally, a fixed version was not available at the time of our research.
Detection: The application is vulnerable by using this component.
Recommendation: There is no non-vulnerable upgrade path for this component/package. We recommend investigating alternative components or a potential mitigating control.
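Since no fixed version is available, the practical mitigating control is to sanitize editor output on the server before it is persisted, and the specific check that matters for this issue is the URL scheme of every anchor href. The following is an added example written for this page, not Froala's code and not the advisory's PoC: it decodes character references and strips the whitespace a browser strips before it reads the scheme, so obfuscated values such as entity-encoded or newline-split "javascript:" are caught, then rewrites any href whose scheme is not on an allowlist. The function names, the allowlist and the sample markup are assumptions constructed for illustration.

```javascript
// Added example (not Froala's code): a server-side mitigating control for the
// href issue described on this page. Before persisting editor output, reject
// anchor hrefs whose URL scheme is not on an allowlist. Function names, the
// allowlist and the sample fragments below are assumptions for illustration.

const SAFE_SCHEMES = new Set(["http", "https", "mailto", "tel"]);

const NAMED_ENTITIES = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };

// Decode the character references an HTML parser would decode inside an
// attribute value. Numeric references are decoded even without the trailing
// semicolon, as browsers do; named references need one here.
function decodeEntities(s) {
  return s.replace(/&#x([0-9a-f]+);?|&#([0-9]+);?|&([a-z]+);/gi, (m, hex, dec, name) => {
    if (hex !== undefined || dec !== undefined) {
      const cp = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
      const invalid = cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff);
      return invalid ? "\ufffd" : String.fromCodePoint(cp);
    }
    const v = NAMED_ENTITIES[name.toLowerCase()];
    return v === undefined ? m : v;
  });
}

// Return the lowercase URL scheme of an href as a browser would see it, or
// null for a scheme-less (relative) URL. Mirrors the WHATWG URL parser's
// pre-processing: entity decoding happens in the HTML parser first, then
// leading/trailing C0 controls and spaces are trimmed and every tab, LF or CR
// anywhere in the string is removed, which is why "java\nscript:" is still
// a javascript: URL.
function hrefScheme(rawHref) {
  const s = decodeEntities(rawHref)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(s);
  return m ? m[1].toLowerCase() : null;
}

function isSafeHref(rawHref) {
  const scheme = hrefScheme(rawHref);
  return scheme === null || SAFE_SCHEMES.has(scheme);
}

// Matches the href attribute of an <a> tag whether double-quoted,
// single-quoted or unquoted.
const ANCHOR_HREF_RE = /(<a\b[^>]*?\bhref\s*=\s*)(?:"([^"]*)"|'([^']*)'|([^\s>"']+))/gi;

// Replace every unsafe anchor href in an HTML fragment with "#" and report
// the values that were neutralized (worth logging: each one is an attempt).
function neutralizeUnsafeHrefs(html) {
  const blocked = [];
  const out = html.replace(ANCHOR_HREF_RE, (m, pre, dq, sq, uq) => {
    const value = dq ?? sq ?? uq;
    if (isSafeHref(value)) return m;
    blocked.push(value);
    return `${pre}"#"`;
  });
  return { html: out, blocked };
}

// Constructed sample of image-link markup as an editor might emit it; the
// hostile hrefs are illustrative, not the advisory's PoC.
const SAMPLE_HTML = [
  '<p><a href="https://example.com/docs"><img src="a.png" alt="ok"></a></p>',
  '<p><a href="javascript:alert(document.cookie)"><img src="b.png"></a></p>',
  "<p><a href='&#106;avascript&#58;alert(1)'><img src=\"c.png\"></a></p>",
  '<p><a href=" \tjava\nscript:alert(1)"><img src="d.png"></a></p>',
  '<p><a href=/relative/page><img src="e.png"></a></p>',
].join("\n");

if (typeof require === "function" && typeof module !== "undefined" && require.main === module) {
  const result = neutralizeUnsafeHrefs(SAMPLE_HTML);
  console.log(result.html);
  console.log("blocked:", result.blocked);
}
```

This block only covers the href scheme check; in production it belongs inside a full HTML sanitizer with an element and attribute allowlist (for example DOMPurify run server-side), applied before the content is stored, because the editor itself cannot be trusted to have done it. The order of operations is the point: checking the scheme before decoding entities or removing tabs and newlines would pass values the browser later treats as javascript: URLs.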
Version Affected: [1.2.0,4.3.0]

Root Cause:
  froala-editor-4.2.2.tgz : package/js/froala_editor.min.js : (,)
  froala-editor-4.2.2.tgz : package/js/froala_editor.pkgd.min.js : (,)
  froala-editor-4.2.2.tgz : package/index.d.ts : [4.1.0, )

Advisories:
  Attack: https://github.com/froala/wysiwyg-editor/issues/4678
  Evidence: https://www.youtube.com/watch?v=Me33Dx1_XqQ
  Third Party: https://hacker.soarescorp.com/cve/2023-41592/

CVSS Details:
  CVE CVSS 3 score: 5.4
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N