PT-2020-10296 · Froala · Froala Editor

Published: 2020-07-03 · Updated: 2022-10-29 · CVE-2019-19935

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Froala Editor versions prior to 3.2.3

Description: A DOM-based cross-site scripting (XSS) issue exists because HTML code in the editor is not correctly sanitized when inserted into the DOM. This allows an attacker who can control the editor content to execute arbitrary JavaScript in the context of the victim's session.

Recommendations: For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the editor's ability to insert HTML code into the DOM until the fix can be deployed. Restrict access to the editor to minimize the risk of exploitation.
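The general pattern behind this class of bug and its fix, as an added example that is not Froala's code and not part of the advisory: editor content is untrusted input, and the DOM XSS arises when it reaches an HTML sink such as innerHTML without sanitization. The names sanitizeHtml, renderUnsafe, renderSafe and makeContainer, the tag allowlist, and the sample content are all assumptions made for this demonstration; the stand-in container exists only so the example runs under Node without a browser.

```javascript
// Added example (not Froala's code): allowlist sanitization of untrusted
// editor content before it is assigned to innerHTML. All names below are
// hypothetical and chosen for this demonstration.

// Tags that survive sanitization. Chosen for the example; a real deployment
// would pick the set its editor actually needs.
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li']);

// Matches an opening or closing tag; group 1 is "/" for closing tags and
// group 2 is the tag name. Attributes are consumed and never re-emitted.
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;

// Escape the characters that would let text be interpreted as markup.
// Limitation: entities already present in the input (e.g. "&amp;") are
// escaped again; a production sanitizer decodes them first.
function escapeText(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Allowlist sanitizer: permitted tags are rebuilt without any attributes, so
// event handlers and URLs are dropped; every other tag, including <script>
// and <img>, and any stray "<" is rendered as literal escaped text. A ">"
// inside an attribute value splits the tag early, which fails towards
// escaping rather than towards executing.
function sanitizeHtml(html, allowed = ALLOWED_TAGS) {
  let out = '';
  let last = 0;
  for (const m of html.matchAll(TAG_RE)) {
    const [full, slash, name] = m;
    out += escapeText(html.slice(last, m.index));
    const tag = name.toLowerCase();
    if (allowed.has(tag)) {
      out += `<${slash}${tag}>`;
    } else {
      out += escapeText(full);
    }
    last = m.index + full.length;
  }
  out += escapeText(html.slice(last));
  return out;
}

// The vulnerable pattern: editor content goes straight into an HTML sink.
function renderUnsafe(container, editorContent) {
  container.innerHTML = editorContent;
  return container.innerHTML;
}

// The hardened pattern: sanitize first, then insert.
function renderSafe(container, editorContent) {
  container.innerHTML = sanitizeHtml(editorContent);
  return container.innerHTML;
}

// Stand-in for a DOM element so the example runs under Node. It stores the
// string verbatim; in a browser the unsafe assignment would parse the markup
// and wire up the inline event handler.
function makeContainer() {
  return { innerHTML: '' };
}

// Constructed sample of untrusted editor content: a permitted tag carrying an
// inline handler, plus a tag that is not on the allowlist.
const SAMPLE = '<p onclick="run()">Hello <b>world</b></p><img src="x" onerror="handler()">';

console.log('unsafe:', renderUnsafe(makeContainer(), SAMPLE));
console.log('safe:  ', renderSafe(makeContainer(), SAMPLE));
```

The point of the pair of functions is the placement of the sanitizer: it sits between the untrusted source (editor content) and the sink (innerHTML), so content controlled by another user cannot carry a handler into the victim's page. In production, use a maintained HTML sanitizer rather than a hand-written one; the tokenizer above is deliberately small and exists to make the data flow visible.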

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-19935
GHSA-H236-G5GH-VQ6C

Affected Products

Froala Editor