Miggo Logo
Miggo Vulnerability Database
CVE-2020-26523

CVE-2020-26523: Froala WYSIWYG Editor XSS Vulnerability

6.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-26523
GHSA ID
GHSA-qrhq-x7xh-2784
EPSS Score
0.57441%
CWE
CWE-79
Published
5/24/2022
Updated
8/23/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
froala/wysiwyg-editorcomposer< 3.2.23.2.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided vulnerability information lacks concrete technical details about implementation flaws. While the XSS vulnerability stems from improper sanitization of pasted content, the advisory contains no code examples, patch diffs, or specific function references. Without commit details or patch documentation showing modified functions, we cannot confidently identify exact vulnerable functions. The vulnerability likely exists in HTML sanitization routines or paste event handlers, but insufficient evidence prevents precise identification of function names/paths.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ro*l* **itor ***or* *.*.* *llows XSS vi* p*st** *ont*nt.

Reasoning

T** provi*** vuln*r**ility in*orm*tion l**ks *on*r*t* t***ni**l **t*ils **out impl*m*nt*tion *l*ws. W*il* t** XSS vuln*r**ility st*ms *rom improp*r s*nitiz*tion o* p*st** *ont*nt, t** **visory *ont*ins no *o** *x*mpl*s, p*t** *i**s, or sp**i*i* *un*t