osv | Google | OSV:GHSA-HXJC-9J8V-V9PR
History: Nov 16, 2023 - 3:30 p.m.

CKEditor Cross-site Scripting vulnerability

2023-11-16 15:30:20
Google
osv.dev
cksource ckeditor
cross-site scripting
versions 4.15.1
attacker
javascript code
ajax.html
authorized user's information
software

AI Score: 6.8 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 17.1%)

A cross-site scripting (XSS) vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
|  | ckeditor4 | le | 4.15.1 |
