CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

AI Score
  Confidence: Low

EPSS
  Percentile: 9.5%
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please contact us. The fix is available in version 4.25.0-lts.
| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | ckeditor | < 4.19.1+dfsg-1 | ckeditor_4.19.1+dfsg-1_all.deb |
| Debian | 11 | all | ckeditor | < 4.16.0+dfsg-2 | ckeditor_4.16.0+dfsg-2_all.deb |
| Debian | 999 | all | ckeditor | <= 4.22.1+dfsg1-2 | ckeditor_4.22.1+dfsg1-2_all.deb |
| Debian | 13 | all | ckeditor | <= 4.22.1+dfsg1-2 | ckeditor_4.22.1+dfsg1-2_all.deb |