CKEditor 跨站脚本漏洞

CKEditor is an open-source enterprise-level WYSIWYG editor developed by CKEditor. Versions of CKEditor prior to 47.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the General HTML Support feature, which allowed cross-site scripting, potentially enabling the...

CVE-2025-61261

A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

UBUNTU-CVE-2025-61261

A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

EUVD-2012-2073

Malware in sbrugna...

EUVD-2020-30260

Malware in sbrugna...

EUVD-2021-1613

Malware in sbrugna...

EUVD-2021-2267

Malware in sbrugna...

EUVD-2021-1585

Malware in sbrugna...

EUVD-2022-4431

Malicious code in bioql PyPI...

EUVD-2022-2406

Malicious code in bioql PyPI...

EUVD-2024-2865

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-13669

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site Scripting XSS vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10....

Linux Distros Unpatched Vulnerability : CVE-2022-24728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all...

CVE-2024-43411

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

CVE-2020-9440

A cross-site scripting XSS vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor...

CVE-2019-9870

plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...

Debian dla-4112 : php-horde-editor - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4112 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4112-1 [email protected] https://www.debian.org/lts/security/...

Cross-Site Scripting (XSS)

@ckeditor/ckeditor5-real-time-collaboration is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user markers in the real-time collaboration package, which can allow unauthorized JavaScript execution in certain editor and token endpoint configurations...

Ubuntu: Security Advisory (USN-7258-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-13245

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting XSS.This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1...