
32 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-43407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The...

CVSS 6.1 | AI score 7.2 | EPSS 0.01847
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-26272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then pre...

CVSS 6.5 | AI score 7 | EPSS 0.00502
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-17960

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. CVE-2018-17960 Note that Nessus relies on the presence of the package as...

CVSS 6.1 | AI score 6.4 | EPSS 0.02024
Exploits: 1 | References: 3

vulnersOsv
added 2024/08/21 6:29 p.m. | 2 views

@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +9 more potentially affected by CVE-2024-43407 via ckeditor4 (>=4.14.0 <=4.22.1)

ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-43407 Source advisory: OSV:GHSA-7R32-VFJ5-C2JV...

CVSS 6.1 | AI score 7.2 | EPSS 0.01847
Exploits: 0

OSV
added 2024/08/21 3:15 p.m. | 2 views

DEBIAN-CVE-2024-43407

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...

CVSS 6.1 | AI score 7.8 | EPSS 0.01847
Exploits: 0 | References: 1

RubySec
added 2024/08/21 12:0 a.m. | 4 views

Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability

Affected packages The vulnerability has been discovered in Code Snippet GeSHi plugin. All integrators that use GeSHi syntax highlighter on the backend side can be affected. Impact A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a...

CVSS 6.1 | AI score 6.6 | EPSS 0.01847
Exploits: 0 | References: 1

Positive Technologies
added 2024/08/21 12:0 a.m. | 4 views

PT-2024-30569 · Cksource +2 · Ckeditor4 +2

Name of the Vulnerable Software and Affected Versions: CKEditor4 versions 4.22 through 4.24 Description: A theoretical issue has been identified in CKEditor4. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an...

CVSS 6.1 | AI score 7.4 | EPSS 0.3983
Exploits: 0 | References: 26

CNNVD
added 2024/08/21 12:0 a.m. | 1 views

CKEditor4 Security Vulnerability

CKEditor4 is an enterprise WYSIWYG editor from CKEditor open source. A security vulnerability exists in versions prior to CKEditor4 4.25.0-lts. An attacker exploiting this vulnerability can write malicious scripts that can be executed by sending requests to the GeSHi library hosted on a PHP web...

CVSS 6.1 | AI score 8.4 | EPSS 0.01847
Exploits: 0 | References: 5

vulnersOsv
added 2024/02/07 5:31 p.m. | 1 views

@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +9 more potentially affected by CVE-2024-24816 via ckeditor4 (>=4.14.0 <=4.22.1)

ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-24816 Source advisory: OSV:GHSA-MW2C-VX6J-MG76...

CVSS 6.1 | AI score 6.8 | EPSS 0.3983
Exploits: 0

OSV
added 2024/02/07 5:15 p.m. | 1 views

DEBIAN-CVE-2024-24816

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

CVSS 6.1 | AI score 6.7 | EPSS 0.3983
Exploits: 0 | References: 1

OSV
added 2024/02/07 4:15 p.m. | 1 views

DEBIAN-CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

CVSS 6.1 | AI score 6.5 | EPSS 0.00169
Exploits: 0 | References: 1

Positive Technologies
added 2024/02/07 12:0 a.m. | 4 views

PT-2024-1942 · Unknown +3 · Ckeditor 4 +3

Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.24.0-lts Description: A cross-site scripting vulnerability has been discovered in CKEditor 4, affecting versions prior to 4.24.0-lts that use the preview feature. This vulnerability allows an attacker to execute...

CVSS 6.4 | AI score 7 | EPSS 0.3983
Exploits: 0 | References: 36

RubySec
added 2024/02/07 12:0 a.m. | 3 views

CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature

Affected packages The vulnerability has been discovered in the samples that use the preview feature: samples/old//.html plugins/plugin name/samples//.html All integrators that use these samples in the production code can be affected. Impact A potential vulnerability has been discovered in one of...

CVSS 6.1 | AI score 7.5 | EPSS 0.3983
Exploits: 0 | References: 1

RubySec
added 2024/02/07 12:0 a.m. | 6 views

CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection

Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...

CVSS 6.1 | AI score 6.9 | EPSS 0.00169
Exploits: 0 | References: 1

OSV
added 2023/03/22 9:15 p.m. | 1 views

DEBIAN-CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 6.1 | AI score 6.9 | EPSS 0.0054
Exploits: 0 | References: 1

Positive Technologies
added 2023/03/22 12:0 a.m. | 3 views

PT-2023-4804 · Ckeditor4 +3 · Ckeditor4 +3

Name of the Vulnerable Software and Affected Versions: CKEditor4 versions prior to 4.21.0 Description: A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages in CKEditor4. The vulnerability may trigger a JavaScript code after fulfilling special...

CVSS 6.4 | AI score 7.5 | EPSS 0.3983
Exploits: 0 | References: 32

vulnersOsv
added 2022/03/16 10:47 p.m. | 1 views

ferris-rich-input (=0.0.1) potentially affected by CVE-2022-24728 +1 more via ckeditor4 (=4.14.0)

ckeditor4 NPM version =4.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on ckeditor4 and may be impacted: - ferris-rich-input =0.0.1 Source cves: CVE-2022-24728, CVE-2022-24729 Source advisory: OSV:GHSA-4FC4-4P5G-6W89...

CVSS 7.5 | AI score 6.7 | EPSS 0.01115
Exploits: 0

OSV
added 2022/03/16 4:15 p.m. | 2 views

DEBIAN-CVE-2022-24728

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

CVSS 5.4 | AI score 6.9 | EPSS 0.00994
Exploits: 0 | References: 1

Positive Technologies
added 2022/03/16 12:0 a.m. | 3 views

PT-2022-16835 · Unknown +3 · Ckeditor 4 +3

Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.18.0 Description: A vulnerability has been discovered in the core HTML processing module of CKEditor 4, which may affect all plugins used by the editor. This issue allows an attacker to inject malformed HTML,...

CVSS 6.1 | AI score 7 | EPSS 0.3983
Exploits: 0 | References: 38

RubySec
added 2022/03/16 12:0 a.m. | 4 views

Cross-site Scripting in CKEditor4

Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed HTML bypassing...

CVSS 5.4 | AI score 9.1 | EPSS 0.00994
Exploits: 0 | References: 1 | Affected Software: 1