CVE-2023-22457 org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery

🗓️ 04 Jan 2023 14:24:39Reported by GoogleType

osv

osv🔗 osv.dev👁 16 Views

CKEditor UI allows CSRF attack, leading to remote code execution and unauthorized acces

Reporter	Title	Published	Views	Family All 15
BDU FSTEC	The vulnerability of the integration interface of CKEditor, a platform for creating collaborative web applications like XWiki Platform XWiki, arises from insufficient verification of the authenticity of executed requests. This allows attackers to carry out CSRF attacks.	7 Sep 202300:00	–	bdu_fstec
Circl	CVE-2023-22457	4 Jan 202318:18	–	circl
CNNVD	CKEditor 跨站请求伪造漏洞	4 Jan 202300:00	–	cnnvd
CVE	CVE-2023-22457	4 Jan 202314:24	–	cve
Cvelist	CVE-2023-22457 org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery	4 Jan 202314:24	–	cvelist
EUVD	EUVD-2023-0368	3 Oct 202520:07	–	euvd
Github Security Blog	XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery	6 Jan 202317:15	–	github
NVD	CVE-2023-22457	4 Jan 202315:15	–	nvd
OSV	GHSA-6MJP-2RM6-9G85 XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery	6 Jan 202317:15	–	osv
OSV	UBUNTU-CVE-2023-22457	4 Jan 202315:15	–	osv

Source	Link
jira	www.jira.xwiki.org/browse/CKEDITOR-475
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2023/22xxx/CVE-2023-22457.json
github	www.github.com/xwiki-contrib/application-ckeditor/security/advisories/GHSA-6mjp-2rm6-9g85
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-22457
github	www.github.com/xwiki-contrib/application-ckeditor/commit/6b1053164386aefc526df7512bc664918aa6849b

02 Apr 2026 08:47Current

8.8High risk

Vulners AI Score8.8

CVSS 3.19

EPSS0.0113

ckeditor ui csrf attack remote code execution unauthorized access patch xwiki upgrade