# Exploit Title: Stored XSS and HTML Code Injection in Froala Editor Version 3.2.6-1
# Date: 06.03.2021
# Author: Vincent666 ibn Winnie
# Software Link: https://froala.com/wysiwyg-editor/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# My Youtube Channel: https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ
PoC:
In Froala I used XSS code in base64 and some tags for HTML code injection.
Vulnerable fields: Embed URL, Insert Link, Insert Files, Insert Video, etc.
Example with Insert Files or Insert Image:
Click Browse Files and choose an image file from your computer:
https://imgur.com/a/WIfQQw5
Insert it on the page, click the image, choose Insert Link and paste the XSS code:
https://imgur.com/a/P59ePrm
Insert it: stored XSS and full HTML code injection (page defacement).
https://imgur.com/a/Ksc5VWX
XSS Code:
https://pastebin.com/jUUXQbzs
Video with XSS and Html Code Injection:
https://www.youtube.com/watch?v=QO2XiR8N1P0
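A defender-side check for the Insert Link path shown above, as an added example (not Froala's code): an href scheme allowlist that rejects script-bearing URLs, including the base64 data: form, and the obfuscations a browser would still honour (mixed case, embedded tabs/newlines, leading control characters, HTML entities). It assumes the check runs on the link value before it is written into the document; RELATIVE_BASE is a placeholder used only to resolve relative links for classification.

```javascript
// Added example, not Froala's code: validate an "Insert Link" href before it
// is written into the document. The WHATWG URL parser performs the
// normalisation that lets obfuscated schemes slip past naive string checks:
// it strips leading/trailing C0 controls and spaces, drops embedded tabs and
// newlines, and lower-cases the scheme, so " JaVa\tScRiPt:" is "javascript:".
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
// Placeholder (assumption) used only to resolve relative links for parsing.
const RELATIVE_BASE = "https://placeholder.invalid/";

// Decode numeric and the basic named HTML entities, so a value that arrived as
// attribute text ("&#106;avascript:") is checked the way a browser reads it.
function decodeEntities(s) {
  const named = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };
  return s
    .replace(/&#(x[0-9a-f]+|\d+);?/gi, (m, num) => {
      const cp = /^x/i.test(num) ? parseInt(num.slice(1), 16) : parseInt(num, 10);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
    })
    .replace(/&(amp|lt|gt|quot|apos);/gi, (m, name) => named[name.toLowerCase()]);
}

// Returns the href to store (normalised when absolute) or null to reject it.
function safeLinkHref(input) {
  if (typeof input !== "string") return null;
  const candidate = decodeEntities(input).trim();
  if (candidate === "") return null;
  let url;
  let absolute = true;
  try {
    url = new URL(candidate);
  } catch {
    absolute = false; // no scheme: a relative link, resolve it to classify it
    try {
      url = new URL(candidate, RELATIVE_BASE);
    } catch {
      return null;
    }
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return absolute ? url.href : candidate;
}
```

Run the check server-side as well as in the editor, since the stored value is what every later viewer's browser executes.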