Editor Froala Version 3.2.6-1 Stored XSS and Html Code Injection

CVE: CVE-2021-39815
Category: CWE-79
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2021-03-07
CPE: Not specified
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 0.02192 0.50148


Our sensors found this exploit at:

Below is a copy:

# Exploit Title: Stored XSS and Html Code Injection Editor Froala Version 3.2.6-1
# Date: 06.03.2021
# Author: Vincent666 ibn Winnie
# Software Link:
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# My Youtube Channel:


In Froala I used XSS code in base64 and some tags for HTML code injection.

Vulnerable fields: Embed URL, Insert Link, Insert Files, Insert Video, etc.

Example with Insert Files or Insert Image:

Click Browse Files and choose an image file from the computer.

Insert it on the page, click on the image, choose Insert Link and paste the XSS code:

And insert! Stored XSS + full HTML code injection, page deface.

XSS Code:

Video with XSS and Html Code Injection:
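
One way to block the class of input described above, as an added example that is not part of the original advisory or of Froala's code: validate every URL the editor submits on the server against a scheme allowlist, and build the markup from escaped parts. The function names, the base origin and the sample inputs are assumptions made for illustration; the page does not show the payload, so the `data:` and `javascript:` samples are constructed stand-ins.

```javascript
// Added example: server-side check for URLs submitted through rich-text editor
// fields (link, image, video, embed). All names and sample inputs are constructed.
const LINK_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const MEDIA_SCHEMES = new Set(["http:", "https:"]);
const BASE = "https://app.example.test/"; // assumed site origin for relative URLs

// Returns a normalized absolute URL, or null when the scheme is not allowed.
// new URL() applies the same parsing browsers do (strips tabs/newlines and
// leading control characters), so "java\tscript:" cannot slip past the check.
function safeEditorUrl(raw, kind = "link") {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url;
  try {
    url = new URL(raw, BASE);
  } catch {
    return null;
  }
  const allowed = kind === "link" ? LINK_SCHEMES : MEDIA_SCHEMES;
  return allowed.has(url.protocol) ? url.href : null;
}

// Escape text for both element content and double-quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Build the anchor on the server from validated parts; never store editor HTML as-is.
function renderLink(rawUrl, text) {
  const href = safeEditorUrl(rawUrl, "link");
  const label = escapeHtml(text);
  return href ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${label}</a>` : label;
}

// Constructed sample submissions (the base64 body decodes to harmless "<b>hi</b>").
const SAMPLES = ["https://example.test/a", " JaVa\tScRiPt:alert(1)",
  "data:text/html;base64,PGI+aGk8L2I+", "/files/cat.png"];
const checkSamples = () => SAMPLES.map((s) => safeEditorUrl(s, "link"));
console.log(checkSamples());
```

Run the same check again when stored content is rendered, so entries saved before the filter existed are also covered.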
