Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability

Affected packages The vulnerability has been discovered in Code Snippet GeSHi plugin. All integrators that use GeSHi syntax highlighter on the backend side can be affected. Impact A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a...

PT-2024-30564 · Geshi +3 · Geshi +3

Name of the Vulnerable Software and Affected Versions: CKEditor4 versions prior to 4.25.0-lts Description: A potential vulnerability has been discovered in the CKEditor 4 Code Snippet GeSHi plugin, allowing a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library. The...