CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

EUVD-2021-2315

Malware in sbrugna...

EUVD-2021-2375

Malware in sbrugna...

EUVD-2024-2518

Malicious code in bioql PyPI...

EUVD-2024-2528

Malicious code in bioql PyPI...

EUVD-2022-1305

Malicious code in bioql PyPI...

IBM Engineering Requirements Management DOORS 9.7.2.9 < 9.7.2.10 Multiple Vulnerabilities (7238992)

The version of IBM Engineering Requirements Management DOORS formerly IBM Rational DOORS installed on the remote host is 9.7.2.9 prior to 9.7.2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the 7238992 advisory. - CKEditor4 is an open source WYSIWYG HTML editor. In...

CVE-2024-43407

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...

CVE-2024-13245 CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-009

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting XSS.This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1...

CVE-2024-13245 CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-009

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting XSS.This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1...

CVE-2024-13245

The CVE-2024-13245 issue affects Drupal CKEditor 4 LTS - WYSIWYG HTML editor (CKEditor 4 LTS) where an improper neutralization of input during web page generation creates a Cross-Site Scripting (XSS) vulnerability. Affected version range is 1.0.0 up to (before) 1.0.1. Several connected sources co...

PT-2025-2084 · Unknown · Ckeditor 4 Lts

Name of the Vulnerable Software and Affected Versions: CKEditor 4 LTS - WYSIWYG HTML editor versions 1.0.0 through 1.0.0 Description: The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting XSS. This enables attackers to inject malicious...

CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover

Affected Packages The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are...

GHSA-7R32-VFJ5-C2JV Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability

Affected packages The vulnerability has been discovered in Code Snippet GeSHi plugin. All integrators that use GeSHi syntax highlighter on the backend side can be affected. Impact A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a...

Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability

Affected packages The vulnerability has been discovered in Code Snippet GeSHi plugin. All integrators that use GeSHi syntax highlighter on the backend side can be affected. Impact A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a...

PT-2024-30564 · Geshi +3 · Geshi +3

Name of the Vulnerable Software and Affected Versions: CKEditor4 versions prior to 4.25.0-lts Description: A potential vulnerability has been discovered in the CKEditor 4 Code Snippet GeSHi plugin, allowing a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library. The...

BIT-DRUPAL-2021-41164 Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

BIT-DRUPAL-2021-41165 HTML comments vulnerability allowing to execute JavaScript code

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

Cross site scripting

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

GHSA-JV4C-7JQQ-M34X CKEditor 4 ReDoS Vulnerability

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs in the Advanced Tab for Dialogs plugin...