CVE-2023-36477

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the CKEditor' space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of...

Linux Distros Unpatched Vulnerability : CVE-2021-32808

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside t...

USN-7258-1: CKEditor vulnerabilities

Kevin Backhouse discovered that CKEditor did not properly sanitize HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : CKEditor vulnerabilities (USN-7258-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7258-1 advisory. Kevin Backhouse discovered that CKEditor did not properly sanitize HTML content. An attacker coul...

Security Bulletin: IBM Engineering Requirements Management DOORS Next uses a CKEditor version affected by multiple vulnerabilities

Summary IBM Engineering Requirements Management DOORS Next uses a CKEditor version vulnerable to CVE-2021-33829 'Cross-site Scripting', CVE-2020-27193 'Cross-site Scripting', CVE-2021-26272 ReDoS, CVE-2021-41164 'Cross-site Scripting', CVE-2021-26271 ReDoS, CVE-2021-37695 'Cross-site Scripting',...

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple vulnerabilities in CKEditor

Summary IBM Sterling B2B Integrator is affected by multiple vulnerabilities in CKEditor Vulnerability Details CVEID:CVE-2021-32808 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used alongside the...

USN-5340-2: CKEditor vulnerabilities

USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and CVE-2021-37695 for Ubuntu 16.04 ESM. Original advisory details: Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An...

USN-5340-2 ckeditor vulnerabilities

USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and CVE-2021-37695 for Ubuntu 16.04 ESM. Original advisory details: Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An...

USN-5340-1: CKEditor vulnerabilities

Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affects Ubuntu 18.04 LTS. CVE-2018-9861 Micha Bentkowski discovered that CKEditor incorrectly handled certain inputs. An attacker could...