Lucene search
K

127 matches found

Veracode
Veracode
added 2022/03/17 8:30 a.m.40 views

Regular Expression Denial Of Service (ReDoS)

ckeditor4 is vulnerable to regular expression denial of service. The vulnerability exists due to a lack of sanitization of the input validator regular expression in dialog...

7.5CVSS3.9AI score0.02448EPSS
Exploits0References8Affected Software2
Veracode
Veracode
added 2022/03/17 8:4 a.m.153 views

Remote Code Execution (RCE)

ckeditor4 is vulnerable to remote code execution. The vulnerability exists due to lack of sanitization malformed HTML allowing an attacker to inject maliciously crafted script...

5.4CVSS2.3AI score0.01162EPSS
Exploits0References9Affected Software2
CNVD
CNVD
added 2022/03/17 12:0 a.m.35 views

CKEditor4 authentication vulnerability

An authentication vulnerability exists in CKEditor4, an open source HTML editor, in the "Dialog Box" plug-in. The vulnerability allows misuse of the dialog input validator regular expression, which can cause significant performance degradation, leading to browser tab freezes. No details of the...

7.5CVSS1.5AI score0.02448EPSS
Exploits0References1
OSV
OSV
added 2022/03/16 10:47 p.m.161 views

GHSA-4FC4-4P5G-6W89 Cross-site Scripting in CKEditor4

Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed HTML bypassing...

5.4CVSS6.1AI score0.02448EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/03/16 10:47 p.m.56 views

Cross-site Scripting in CKEditor4

Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed HTML bypassing...

5.4CVSS0.7AI score0.01162EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2022/03/16 5:15 p.m.17 views

CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

7.5CVSS0.02448EPSS
Exploits0References6
OSV
OSV
added 2022/03/16 5:15 p.m.4 views

DEBIAN-CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

7.5CVSS6.7AI score0.02448EPSS
Exploits0References1
Prion
Prion
added 2022/03/16 5:15 p.m.56 views

Input validation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

5CVSS7.2AI score0.02448EPSS
Exploits0References6Affected Software9
UbuntuCve
UbuntuCve
added 2022/03/16 5:15 p.m.56 views

CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

7.5CVSS6.8AI score0.02448EPSS
Exploits0References2
NVD
NVD
added 2022/03/16 4:15 p.m.23 views

CVE-2022-24728

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

5.4CVSS0.01162EPSS
Exploits0References7
Prion
Prion
added 2022/03/16 4:15 p.m.63 views

Hardcoded credentials

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

3.5CVSS6.1AI score0.01162EPSS
Exploits0References7Affected Software9
UbuntuCve
UbuntuCve
added 2022/03/16 4:15 p.m.44 views

CVE-2022-24728

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

5.4CVSS6.7AI score0.01162EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/03/16 12:0 a.m.22 views

CVE-2022-24728 Cross-site Scripting in CKEditor4

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

5.4CVSS6.5AI score0.01162EPSS
Exploits0References7
Cvelist
Cvelist
added 2022/03/16 12:0 a.m.38 views

CVE-2022-24729 Regular expression Denial of Service in dialog plugin

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

6.5CVSS7.7AI score0.02448EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/03/16 12:0 a.m.85 views

Drupal 9.2.x < 9.2.15 / 9.3.x < 9.3.8 Multiple Vulnerabilities (drupal-2022-03-16)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.15 or 9.3.x prior to 9.3.8. It is, therefore, affected by multiple vulnerabilities. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to...

7.5CVSS6.6AI score0.02448EPSS
Exploits0References13
CNNVD
CNNVD
added 2022/03/16 12:0 a.m.16 views

CKEditor 资源管理错误漏洞

An authentication vulnerability exists in CKEditor4, an open source HTML editor, in the "Dialog Box" plug-in. The vulnerability allows misuse of the dialog input validator regular expression, which can cause significant performance degradation, leading to browser tab freezes. No details of the...

7.5CVSS6.8AI score0.02448EPSS
Exploits0References12
OSV
OSV
added 2022/03/16 12:0 a.m.28 views

CVE-2022-24729 Regular expression Denial of Service in dialog plugin

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

6.5CVSS6.5AI score0.02448EPSS
Exploits0References8
OSV
OSV
added 2022/03/16 12:0 a.m.31 views

CVE-2022-24728 Cross-site Scripting in CKEditor4

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

5.4CVSS7.1AI score0.02448EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2022/03/16 12:0 a.m.65 views

CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

7.5CVSS6.5AI score0.02448EPSS
Exploits0
CVE
CVE
added 2022/03/16 12:0 a.m.590 views

CVE-2022-24729

CVE-2022-24729 affects CKEditor4 prior to 4.18.0, where the dialog plugin has a vulnerability in the input validator regex that can cause a severe performance drop, leading to browser tab freeze (ReDoS). The issue is documented with a confirmed remediation: upgrade to CKEditor4 4.18.0 or newer. C...

7.5CVSS6.7AI score0.02448EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder