127 matches found
CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...
CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...
CVE-2024-24816
CVE-2024-24816 affects CKEditor4 prior to 4.24.0-lts, in samples that expose the misconfigured preview feature. An attacker could execute JavaScript via the preview path in production code using affected CKEditor 4 instances. A remedy is to upgrade to CKEditor 4.24.0-lts or later. The provided co...
CVE-2024-24816 Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...
CVE-2024-24816
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...
CVE-2024-24815
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CVE-2024-24815
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
Cross site scripting
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CVE-2024-24815 CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CVE-2024-24815
CVE-2024-24815 (CKEditor4) : A cross-site scripting vulnerability affects CKEditor4 core HTML parsing in versions before 4.24.0-lts. When full-page editing is enabled or CDATA is allowed in Advanced Content Filtering, malformed HTML can bypass the ACF and execute JavaScript. The issue is caused b...
CVE-2024-24815 CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CVE-2024-24815 CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CVE-2024-24815
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CKEditor 跨站脚本漏洞
CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor4, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to execute JavaScript code by abusing a misconfigured preview function...
Cross-site Scripting
ckeditor4 is vulnerable for Cross-Site scripting. The vulnerability is due to the /ckeditor/samples/old/ajax.html file which allows an attacker to retrieve sensitive information...
Fedora 39 : ckeditor (2023-426b3a500d)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-426b3a500d advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...
Fedora 37 : ckeditor (2023-983ff03630)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-983ff03630 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...
Fedora 38 : ckeditor (2023-79b5902a52)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-79b5902a52 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...
GHSA-M8FW-P3CR-6JQC Cross-Site Scripting in CKEditor4 WordCount Plugin
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.4 Problem The WordCount plugin npm:ckeditor-wordcount-plugin for CKEditor4 is vulnerable to cross-site scripting when switching to the source code mode. This plugin is enabled via the Full.yaml configuration present, but is not...
Cross-Site Scripting in CKEditor4 WordCount Plugin
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.4 Problem The WordCount plugin npm:ckeditor-wordcount-plugin for CKEditor4 is vulnerable to cross-site scripting when switching to the source code mode. This plugin is enabled via the Full.yaml configuration present, but is not...