Safety vulnerability ID: 73017
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of django-froala-editor are vulnerable to Cross-Site Scripting (XSS) due to CVE-2023-41592 in the underlying Froala WYSIWYG editor.
Latest version: 4.3.1
The django-froala-editor package helps integrate the Froala WYSIWYG HTML editor with Django.
- Fixed, Editor does not re-upload pasted images with some content
- Fixed, `image.beforeUpload` event is not triggering when pasting rich content with images from MS Word
- Fixed, font format is incorrect when pasting list from MS doc
- Fixed, video plugin is not compatible with YouTube short video links
- Fixed, unexpected `DIV` replication when pasting tables in editor
- Fixed, CVE-2023-41592 XSS vulnerability
- Fixed, alignment and font size dropdowns are unresponsive in Inline Toolbar on Android mobile
- Fixed, Tracked Changes: When adding/pasting unordered lists with different formatting the single formatting applies on whole list