Lucene search
K

1054 matches found

UbuntuCve
UbuntuCve
added 2026/03/05 8:16 p.m.7 views

CVE-2026-28343

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...

6.4CVSS5.7AI score0.00268EPSS
Exploits0References3
OSV
OSV
added 2026/03/05 8:16 p.m.14 views

UBUNTU-CVE-2026-28343

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...

6.4CVSS5.7AI score0.00268EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 7:42 p.m.5 views

CVE-2026-28343

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...

6.4CVSS5.6AI score0.00268EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/05 7:42 p.m.9 views

CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...

6.4CVSS5.8AI score0.00268EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/05 7:42 p.m.4 views

CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...

6.4CVSS5.6AI score0.00268EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 7:42 p.m.52 views

CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...

6.4CVSS0.00268EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.9 views

CKEditor 跨站脚本漏洞

CKEditor is an open-source enterprise-level WYSIWYG editor developed by CKEditor. Versions of CKEditor prior to 47.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the General HTML Support feature, which allowed cross-site scripting, potentially enabling the...

6.4CVSS5.8AI score0.00268EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/03/04 6:49 p.m.7 views

@_sh/strapi-plugin-ckeditor (>=7.0.0 <=7.1.0), @ckeditor/ckeditor5-adapter-ckfinder (>=47.0.0 <=47.6.0-alpha.9) +94 more potentially affected by CVE-2026-28343 via @ckeditor/ckeditor5-engine (>=47.0.0-alpha.0 <=47.6.0-alpha.9)

@ckeditor/ckeditor5-engine NPM version =47.0.0-alpha.0, =7.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.6.0-alpha.9 and more Source cves: CVE-2026-28343 Source advisory: SNYK:JS-CKEDITORCKEDITOR5ENGINE-15426...

6.4CVSS5.8AI score0.00268EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/04 6:49 p.m.8 views

4game-support-ckeditor5-custom-build (>=0.0.1 <=0.0.5), 87-midnight-ckeditor5 (>=0.0.3 <=0.0.5) +663 more potentially affected by CVE-2026-28343 via @ckeditor/ckeditor5-html-support (>=29.2.0 <=47.6.0-alpha.9)

@ckeditor/ckeditor5-html-support NPM version =29.2.0, =0.0.1, =0.0.3, =0.0.1, =0.0.1, =42.0.1, =2.0.0, =0.7.0, =0.0.6, =1.0.1, =0.0.1, =0.0.1, =1.0.0, =36.0.0, =0.0.2, =1.1.0, =3.1.1 and more Source cves: CVE-2026-28343 Source advisory: OSV:GHSA-JRQM-VMQC-GM93...

6.4CVSS5.7AI score0.00268EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/04 6:49 p.m.6 views

4game-support-ckeditor5-custom-build (>=0.0.1 <=0.0.5), 87-midnight-ckeditor5 (>=0.0.3 <=0.0.5) +1481 more potentially affected by CVE-2026-28343 via ckeditor5 (>=29.2.0 <=47.6.0-alpha.9)

ckeditor5 NPM version =29.2.0, =0.0.1, =0.0.3, =0.0.1, =0.0.1, =29.2.0, =2.0.0, =30.0.0, =0.7.0, =1.0.0, =0.0.3, =0.0.6, =1.3.0, =1.0.1, =1.0.23 and more Source cves: CVE-2026-28343 Source advisory: OSV:GHSA-JRQM-VMQC-GM93...

6.4CVSS5.7AI score0.00268EPSS
Exploits0
Snyk
Snyk
added 2026/03/04 6:49 p.m.6 views

Cross-site Scripting (XSS)

Overview @ckeditor/ckeditor5-html-support is a HTML Support feature for CKEditor 5. Affected versions of this package are vulnerable to Cross-site Scripting XSS via its unsafe htmlSupport configuration. An attacker can execute unauthorized JavaScript in the editor context by inserting specially...

6.4CVSS5.6AI score0.00268EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/04 6:49 p.m.15 views

@_sh/strapi-plugin-ckeditor (>=7.0.0 <=7.1.0), @ckeditor/ckeditor5-adapter-ckfinder (>=47.0.0 <=47.6.0-alpha.9) +94 more potentially affected by CVE-2026-28343 via @ckeditor/ckeditor5-html-support (>=47.0.0-alpha.0 <=47.6.0-alpha.9)

@ckeditor/ckeditor5-html-support NPM version =47.0.0-alpha.0, =7.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.0.0, =47.6.0-alpha.9 and more Source cves: CVE-2026-28343 Source advisory:...

6.4CVSS5.8AI score0.00268EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.5 views

PT-2026-22082

Name of the Vulnerable Software and Affected Versions Drupal Material Icons versions prior to 2.0.4 Description The Drupal Material Icons module has an authorization issue. Insufficient permissions are added to dialog and autocomplete routes, potentially granting full access to these routes in ma...

5.3CVSS5.9AI score0.00223EPSS
Exploits0References4
OSV
OSV
added 2026/02/11 4:54 p.m.16 views

DRUPAL-CONTRIB-2026-010

This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...

6.1CVSS5.5AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.8 views

PT-2026-7808

This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...

5.8AI score0.00149EPSS
Exploits0References3
Drupal
Drupal
added 2026/02/11 12:0 a.m.15 views

UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010

This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 8:16 p.m.8 views

CVE-2025-13980

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

5.3CVSS0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 8:1 p.m.4 views

CVE-2025-13980 CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

5.9AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 8:1 p.m.6 views

EUVD-2025-206441

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

5.3CVSS5.9AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/28 8:1 p.m.20 views

CVE-2025-13980 CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0...

0.00234EPSS
Exploits0References1
Rows per page
Query Builder