Lucene search
K

127 matches found

Cvelist
Cvelist
added 2022/03/16 12:0 a.m.39 views

CVE-2022-24729 Regular expression Denial of Service in dialog plugin

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

6.5CVSS7.7AI score0.02448EPSS
Exploits0References6
OSV
OSV
added 2022/03/16 12:0 a.m.32 views

CVE-2022-24728 Cross-site Scripting in CKEditor4

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

5.4CVSS7.1AI score0.02448EPSS
Exploits0References9
OSV
OSV
added 2022/03/16 12:0 a.m.28 views

CVE-2022-24729 Regular expression Denial of Service in dialog plugin

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

6.5CVSS6.5AI score0.02448EPSS
Exploits0References8
Veracode
Veracode
added 2021/11/18 6:26 a.m.37 views

Cross-Site Scripting (XSS)

ckeditor4 is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of HTML in the Advance Content Filter ACF module which allows an attacker to inject maliciously crafted HTML containing Javascript code...

8.2CVSS1.4AI score0.01257EPSS
Exploits0References10Affected Software2
Tenable Nessus
Tenable Nessus
added 2021/11/18 12:0 a.m.50 views

Drupal 8.9.x < 8.9.20 / 9.1.x < 9.1.14 / 9.2.x < 9.2.9 Multiple Vulnerabilities (drupal-2021-11-17)

According to its self-reported version, the instance of Drupal running on the remote web server is 8.9.x prior to 8.9.20, 9.1.x prior to 9.1.14, or 9.2.x prior to 9.2.9. It is, therefore, affected by multiple vulnerabilities. - CKEditor4 is an open source WYSIWYG HTML editor. In affected versions...

8.2CVSS6.5AI score0.0147EPSS
Exploits0References13
NVD
NVD
added 2021/11/17 8:15 p.m.20 views

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

8.2CVSS0.0147EPSS
Exploits0References6
OSV
OSV
added 2021/11/17 8:15 p.m.23 views

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

5.4CVSS5.2AI score
Exploits0References6
Prion
Prion
added 2021/11/17 8:15 p.m.24 views

Design/Logic Flaw

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

3.5CVSS5.7AI score0.0147EPSS
Exploits0References6Affected Software9
UbuntuCve
UbuntuCve
added 2021/11/17 8:15 p.m.36 views

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

8.2CVSS6.7AI score0.0147EPSS
Exploits0References5
CVE
CVE
added 2021/11/17 7:15 p.m.224 views

CVE-2021-41165

CKEditor4 core HTML processing vulnerability (CVE-2021-41165) allows injection of malformed HTML comments bypassing content sanitization, potentially enabling JavaScript execution. Affected: CKEditor 4.x versions before 4.17.0 (affects all plugins). Impact: execution of arbitrary script in affect...

8.2CVSS6.2AI score0.0147EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2021/11/17 7:15 p.m.38 views

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...

8.2CVSS6.4AI score0.0147EPSS
Exploits0
NVD
NVD
added 2021/11/17 7:15 p.m.20 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS0.01257EPSS
Exploits0References8
OSV
OSV
added 2021/11/17 7:15 p.m.23 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

5.4CVSS5.2AI score
Exploits0References8
UbuntuCve
UbuntuCve
added 2021/11/17 7:15 p.m.46 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS6.6AI score0.01257EPSS
Exploits0References5
Prion
Prion
added 2021/11/17 7:15 p.m.65 views

Hardcoded credentials

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

3.5CVSS6AI score0.01257EPSS
Exploits0References8Affected Software10
Debian CVE
Debian CVE
added 2021/11/17 12:0 a.m.70 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS6.4AI score0.01257EPSS
Exploits0
CVE
CVE
added 2021/11/17 12:0 a.m.482 views

CVE-2021-41164

CKEditor4 contains an Advanced Content Filter (ACF) vulnerability (CVE-2021-41164) that allows injection of malformed HTML bypassing sanitization, enabling JavaScript execution. Affected: CKEditor4

8.2CVSS6.2AI score0.01257EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2021/11/17 12:0 a.m.25 views

CVE-2021-41164 Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter ACF module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS8AI score0.01257EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2021/10/13 3:34 p.m.4 views

ferris-rich-input (=0.0.1) potentially affected by CVE-2021-26272 via ckeditor4 (=4.14.0)

ckeditor4 NPM version =4.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on ckeditor4 and may be impacted: - ferris-rich-input =0.0.1 Source cves: CVE-2021-26272 Source advisory: OSV:GHSA-WPVM-WQR4-P7CW...

6.5CVSS6.7AI score0.02223EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/08/23 7:42 p.m.4 views

ferris-rich-input (=0.0.1) potentially affected by CVE-2021-37695 via ckeditor4 (=4.14.0)

ckeditor4 NPM version =4.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on ckeditor4 and may be impacted: - ferris-rich-input =0.0.1 Source cves: CVE-2021-37695 Source advisory: OSV:GHSA-M94C-37G6-CJHC...

7.3CVSS6.5AI score0.01324EPSS
Exploits0
Rows per page
Query Builder