1054 matches found
CVE-2026-28343
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
UBUNTU-CVE-2026-28343
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CKEditor 跨站脚本漏洞
CKEditor is an open-source enterprise-level WYSIWYG editor developed by CKEditor. Versions of CKEditor prior to 47.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the General HTML Support feature, which allowed cross-site scripting, potentially enabling the...
@_sh/strapi-plugin-ckeditor (>=7.0.0 <=7.1.0), @ckeditor/ckeditor5-adapter-ckfinder (>=47.0.0 <=47.6.0-alpha.9) +94 more potentially affected by CVE-2026-28343 via @ckeditor/ckeditor5-engine (>=47.0.0-alpha.0 <=47.6.0-alpha.9)
@ckeditor/ckeditor5-engine NPM version =47.0.0-alpha.0, =7.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.6.0-alpha.9 and more Source cves: CVE-2026-28343 Source advisory: SNYK:JS-CKEDITORCKEDITOR5ENGINE-15426...
4game-support-ckeditor5-custom-build (>=0.0.1 <=0.0.5), 87-midnight-ckeditor5 (>=0.0.3 <=0.0.5) +663 more potentially affected by CVE-2026-28343 via @ckeditor/ckeditor5-html-support (>=29.2.0 <=47.6.0-alpha.9)
@ckeditor/ckeditor5-html-support NPM version =29.2.0, =0.0.1, =0.0.3, =0.0.1, =0.0.1, =42.0.1, =2.0.0, =0.7.0, =0.0.6, =1.0.1, =0.0.1, =0.0.1, =1.0.0, =36.0.0, =0.0.2, =1.1.0, =3.1.1 and more Source cves: CVE-2026-28343 Source advisory: OSV:GHSA-JRQM-VMQC-GM93...
4game-support-ckeditor5-custom-build (>=0.0.1 <=0.0.5), 87-midnight-ckeditor5 (>=0.0.3 <=0.0.5) +1481 more potentially affected by CVE-2026-28343 via ckeditor5 (>=29.2.0 <=47.6.0-alpha.9)
ckeditor5 NPM version =29.2.0, =0.0.1, =0.0.3, =0.0.1, =0.0.1, =29.2.0, =2.0.0, =30.0.0, =0.7.0, =1.0.0, =0.0.3, =0.0.6, =1.3.0, =1.0.1, =1.0.23 and more Source cves: CVE-2026-28343 Source advisory: OSV:GHSA-JRQM-VMQC-GM93...
Cross-site Scripting (XSS)
Overview @ckeditor/ckeditor5-html-support is a HTML Support feature for CKEditor 5. Affected versions of this package are vulnerable to Cross-site Scripting XSS via its unsafe htmlSupport configuration. An attacker can execute unauthorized JavaScript in the editor context by inserting specially...
@_sh/strapi-plugin-ckeditor (>=7.0.0 <=7.1.0), @ckeditor/ckeditor5-adapter-ckfinder (>=47.0.0 <=47.6.0-alpha.9) +94 more potentially affected by CVE-2026-28343 via @ckeditor/ckeditor5-html-support (>=47.0.0-alpha.0 <=47.6.0-alpha.9)
@ckeditor/ckeditor5-html-support NPM version =47.0.0-alpha.0, =7.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.6.0-alpha.9 and more Source cves: CVE-2026-28343 Source advisory:...
PT-2026-22082
Name of the Vulnerable Software and Affected Versions Drupal Material Icons versions prior to 2.0.4 Description The Drupal Material Icons module has an authorization issue. Insufficient permissions are added to dialog and autocomplete routes, potentially granting full access to these routes in ma...
DRUPAL-CONTRIB-2026-010
This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...
PT-2026-7808
This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...
UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010
This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...
CVE-2025-13980
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...
CVE-2025-13980 CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...
EUVD-2025-206441
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...
CVE-2025-13980 CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...