5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
51.7%
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | ckeditor | < 4.19.0+dfsg-1 | ckeditor_4.19.0+dfsg-1_all.deb |
Debian | 11 | all | ckeditor | <= 4.16.0+dfsg-2 | ckeditor_4.16.0+dfsg-2_all.deb |
Debian | 10 | all | ckeditor | <= 4.11.1+dfsg-1 | ckeditor_4.11.1+dfsg-1_all.deb |
Debian | 999 | all | ckeditor | < 4.19.0+dfsg-1 | ckeditor_4.19.0+dfsg-1_all.deb |
Debian | 13 | all | ckeditor | < 4.19.0+dfsg-1 | ckeditor_4.19.0+dfsg-1_all.deb |
Debian | 12 | all | ckeditor3 | <= 3.6.6.1+dfsg-7 | ckeditor3_3.6.6.1+dfsg-7_all.deb |
Debian | 11 | all | ckeditor3 | <= 3.6.6.1+dfsg-7 | ckeditor3_3.6.6.1+dfsg-7_all.deb |
Debian | 10 | all | ckeditor3 | <= 3.6.6.1+dfsg-3 | ckeditor3_3.6.6.1+dfsg-3_all.deb |
Debian | 999 | all | ckeditor3 | <= 3.6.6.1+dfsg-7 | ckeditor3_3.6.6.1+dfsg-7_all.deb |
Debian | 13 | all | ckeditor3 | <= 3.6.6.1+dfsg-7 | ckeditor3_3.6.6.1+dfsg-7_all.deb |
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
51.7%