CVE-2023-42426

Name of the Vulnerable Software and Affected Versions Froala Editor version 4.1.1

Description A cross-site scripting (XSS) issue allows remote attackers to execute arbitrary code via the Insert link parameter in the Insert Image component. This enables attackers to inject malicious code, potentially leading to security breaches. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Froala Editor version 4.1.1, update the software to a newer version to safeguard against this issue. As a temporary workaround, consider restricting access to the Insert Image component or disabling the Insert link parameter to minimize the risk of exploitation.