Lucene search
K

127 matches found

OSV
OSV
added 2024/02/07 4:58 p.m.17 views

CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

6.1CVSS6.3AI score0.01652EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/02/07 4:58 p.m.32 views

CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

6.1CVSS6.3AI score0.01652EPSS
Exploits0References3
CVE
CVE
added 2024/02/07 4:58 p.m.289 views

CVE-2024-24816

CVE-2024-24816 affects CKEditor4 prior to 4.24.0-lts, in samples that expose the misconfigured preview feature. An attacker could execute JavaScript via the preview path in production code using affected CKEditor 4 instances. A remedy is to upgrade to CKEditor 4.24.0-lts or later. The provided co...

6.1CVSS5.7AI score0.01652EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/07 4:58 p.m.22 views

CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

6.1CVSS5.9AI score0.01652EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/02/07 4:58 p.m.18 views

CVE-2024-24816

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

6.1CVSS6.2AI score0.01652EPSS
Exploits0
NVD
NVD
added 2024/02/07 4:15 p.m.24 views

CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

6.1CVSS6.1AI score0.00706EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2024/02/07 4:15 p.m.43 views

CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

6.1CVSS6.7AI score0.00706EPSS
Exploits0References3
Prion
Prion
added 2024/02/07 4:15 p.m.26 views

Cross site scripting

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

5.8CVSS6.1AI score0.00706EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/02/07 3:14 p.m.27 views

CVE-2024-24815 CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

6.1CVSS6.4AI score0.00706EPSS
Exploits0References8
CVE
CVE
added 2024/02/07 3:14 p.m.248 views

CVE-2024-24815

CVE-2024-24815 (CKEditor4) : A cross-site scripting vulnerability affects CKEditor4 core HTML parsing in versions before 4.24.0-lts. When full-page editing is enabled or CDATA is allowed in Advanced Content Filtering, malformed HTML can bypass the ACF and execute JavaScript. The issue is caused b...

6.1CVSS5.9AI score0.00706EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2024/02/07 3:14 p.m.17 views

CVE-2024-24815 CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

6.1CVSS6.3AI score0.00706EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/02/07 3:14 p.m.63 views

CVE-2024-24815 CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

6.1CVSS5.8AI score0.00706EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2024/02/07 3:14 p.m.16 views

CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...

6.1CVSS6.3AI score0.00706EPSS
Exploits0
CNNVD
CNNVD
added 2024/02/07 12:0 a.m.13 views

CKEditor 跨站脚本漏洞

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor4, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to execute JavaScript code by abusing a misconfigured preview function...

6.1CVSS6.4AI score0.01652EPSS
Exploits0References6
Veracode
Veracode
added 2023/11/17 8:27 a.m.26 views

Cross-site Scripting

ckeditor4 is vulnerable for Cross-Site scripting. The vulnerability is due to the /ckeditor/samples/old/ajax.html file which allows an attacker to retrieve sensitive information...

6.1CVSS6.7AI score0.00878EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.15 views

Fedora 39 : ckeditor (2023-426b3a500d)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-426b3a500d advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

6.1CVSS7AI score0.00725EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/04 12:0 a.m.18 views

Fedora 37 : ckeditor (2023-983ff03630)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-983ff03630 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

6.1CVSS7AI score0.00725EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/04 12:0 a.m.15 views

Fedora 38 : ckeditor (2023-79b5902a52)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-79b5902a52 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

6.1CVSS7AI score0.00725EPSS
Exploits0References2
OSV
OSV
added 2023/07/25 7:11 p.m.20 views

GHSA-M8FW-P3CR-6JQC Cross-Site Scripting in CKEditor4 WordCount Plugin

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.4 Problem The WordCount plugin npm:ckeditor-wordcount-plugin for CKEditor4 is vulnerable to cross-site scripting when switching to the source code mode. This plugin is enabled via the Full.yaml configuration present, but is not...

4.7CVSS6AI score0.00481EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/07/25 7:11 p.m.23 views

Cross-Site Scripting in CKEditor4 WordCount Plugin

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.4 Problem The WordCount plugin npm:ckeditor-wordcount-plugin for CKEditor4 is vulnerable to cross-site scripting when switching to the source code mode. This plugin is enabled via the Full.yaml configuration present, but is not...

6.5AI score
Exploits0References3Affected Software1
Rows per page
Query Builder