XSS vulnerability found in popular WYSIWYG website editor
Chris Davis, a security consultant at Bishop Fox, recently discovered and publicly disclosed a new vulnerability in Froala, a WYSIWYG editor used by at least 30,000 websites. The bug is tracked as CVE-2021-28114 and affects Froala version 3.2.6 and earlier. Froala is a WYSIWYG HTML rich text editor used by developers and content creators to run websites across 30,000 different domains, according to Wappalyzer. The editor reportedly contains a security flaw in its HTML sanitization parsing that allows attackers to bypass its protections.