Input validation
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...
UBUNTU-CVE-2022-24729
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...
CVE-2022-24729 Regular expression Denial of Service in dialog plugin
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...
PT-2022-5670 · Ckeditor4 +1 · Ckeditor4 +1
Name of the Vulnerable Software and Affected Versions: CKEditor4 versions prior to 4.18.0 Description: The issue is related to the dialog plugin in CKEditor4, which contains a vulnerability allowing abuse of a dialog input validator regular expression. This can cause a significant performance dro...
CVE-2022-24729
CVE-2022-24729 affects CKEditor4 prior to 4.18.0, where the dialog plugin has a vulnerability in the input validator regex that can cause a severe performance drop, leading to browser tab freeze (ReDoS). The issue is documented with a confirmed remediation: upgrade to CKEditor4 4.18.0 or newer. C...
CVE-2022-24729
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...
CVE-2021-24600
The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
Regular expression Denial of Service in dialog plugin
Affected packages: The vulnerability has been discovered and fixed in the dialog plugin. Packages indirectly affected by the issue through a dialog plugin dependency: Link, Image, Enhanced Image, Code Snippet, Iframe Dialog. Impact: A potential vulnerability has been discovered in CKEditor 4 dial...
CVE-2020-27193
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs...
MariaDB: Path traversal in command line client
The command line client has a directory traversal bug which allows server-chosen files to be dlopened when it connects to a malicious server. The path can also be padded with / characters so that strxnmov drops the .so extension. The dlopen call is performed here: Impact: In rare situations where...