A cross-site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's...
6.1 CVSS
7 AI Score
0.0005 EPSS
ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the...
6.1 CVSS
6.1 AI Score
0.001 EPSS
An unrestricted file upload vulnerability was discovered in the "Browse and upload images" feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the...
9.8 CVSS
9.4 AI Score
0.001 EPSS
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator (who is...
6.1 CVSS
6.2 AI Score
0.001 EPSS
CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3, the CKEditor.HTMLConverter document lacked a protection against Cross-Site Request Forgery (CSRF), allowing macros to be executed with the rights of the current user. If a privileged user with...
8.8 CVSS
9 AI Score
0.008 EPSS