Lucene search
+L

127 matches found

osv
osv
added 2024/08/21 3:17 p.m.21 views

CVE-2024-43411 CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

3.1CVSS8.1AI score0.004EPSS
Exploits0References4
cvelist
cvelist
added 2024/08/21 3:17 p.m.40 views

CVE-2024-43411 CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

3.1CVSS0.004EPSS
Exploits0References2
ubuntucve
ubuntucve
added 2024/08/21 3:15 p.m.19 views

CVE-2024-43407

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...

6.1CVSS7.1AI score0.00424EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2024/08/21 3:3 p.m.19 views

CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...

6.1CVSS6.5AI score0.00424EPSS
Exploits0References3
cve
cve
added 2024/08/21 3:3 p.m.131 views

CVE-2024-43407

Summary: CVE-2024-43407 affects CKEditor 4 via the Code Snippet GeSHi plugin, where a flaw in the GeSHi syntax highlighter could enable a reflected XSS attack. The GeSHi library was included as a vendor dependency in CKEditor 4 source files. The advisory states the GeSHi library is no longer acti...

6.1CVSS6.4AI score0.00424EPSS
Exploits0References3Affected Software1
debiancve
debiancve
added 2024/08/21 3:3 p.m.15 views

CVE-2024-43407

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...

6.1CVSS7.8AI score0.00424EPSS
Exploits0
cvelist
cvelist
added 2024/08/21 3:3 p.m.39 views

CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...

6.1CVSS0.00424EPSS
Exploits0References3
osv
osv
added 2024/08/21 3:3 p.m.11 views

CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...

6.1CVSS8.2AI score0.00424EPSS
Exploits0References5
osv
osv
added 2024/03/06 10:54 a.m.30 views

BIT-DRUPAL-2022-24728 Cross-site Scripting in CKEditor4

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...

7.5CVSS6.1AI score0.02448EPSS
Exploits0References8
osv
osv
added 2024/03/06 10:54 a.m.30 views

BIT-DRUPAL-2022-24729 Regular expression Denial of Service in dialog plugin

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...

7.5CVSS6.8AI score0.02448EPSS
Exploits0References7
veracode
veracode
added 2024/02/08 5:3 a.m.25 views

Cross-site Scripting (XSS)

CKEditor4 is vulnerable to Cross-site Scripting. The vulnerability is due to editor instances that have enabled full-page editing mode or enabled CDATA elements in the Advanced Content Filtering configuration which defaults to script and style elements. This flaw allows an attacker to inject...

6.1CVSS6.5AI score0.00706EPSS
Exploits0References6Affected Software1
veracode
veracode
added 2024/02/08 4:14 a.m.16 views

Cross Site Scripting (XSS)

ckeditor4 is vulnerable to Cross Site Scripting XSS. The vulnerability due to the preview feature which allows an attacker to execute arbitrary JavaScript resulting in XSS...

6.1CVSS6.8AI score0.01652EPSS
Exploits0References4Affected Software1
vulnersosv
vulnersosv
added 2024/02/07 5:34 p.m.4 views

@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +10 more potentially affected by CVE-2023-4771 via ckeditor4 (>=4.14.0 <=4.22.1)

ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.5, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2023-4771 Source advisory: OSV:GHSA-WH5W-82F3-WRXH...

6.1CVSS6.3AI score0.00878EPSS
Exploits1
github
github
added 2024/02/07 5:31 p.m.41 views

CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature

Affected packages The vulnerability has been discovered in the samples that use the preview feature: samples/old//.html plugins/plugin name/samples//.html All integrators that use these samples in the production code can be affected. Impact A potential vulnerability has been discovered in one of...

6.1CVSS6.2AI score0.01652EPSS
Exploits0References5Affected Software1
osv
osv
added 2024/02/07 5:31 p.m.28 views

GHSA-MW2C-VX6J-MG76 CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature

Affected packages The vulnerability has been discovered in the samples that use the preview feature: samples/old//.html plugins/plugin name/samples//.html All integrators that use these samples in the production code can be affected. Impact A potential vulnerability has been discovered in one of...

6.1CVSS6.4AI score0.01652EPSS
Exploits0References5
github
github
added 2024/02/07 5:30 p.m.183 views

CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection

Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...

6.1CVSS6.5AI score0.00706EPSS
Exploits0References8Affected Software2
vulnersosv
vulnersosv
added 2024/02/07 5:30 p.m.7 views

@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +10 more potentially affected by CVE-2024-24815 via ckeditor4 (>=4.14.0 <=4.22.1)

ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.5, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-24815 Source advisory: OSV:GHSA-FQ6H-4G8V-QQVM...

6.1CVSS6.8AI score0.00706EPSS
Exploits0
osv
osv
added 2024/02/07 5:30 p.m.33 views

GHSA-FQ6H-4G8V-QQVM CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection

Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...

6.1CVSS6.1AI score0.00706EPSS
Exploits0References8
nvd
nvd
added 2024/02/07 5:15 p.m.23 views

CVE-2024-24816

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

6.1CVSS6.1AI score0.01652EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2024/02/07 5:15 p.m.27 views

CVE-2024-24816

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...

6.1CVSS6.9AI score0.01652EPSS
Exploits0References3
Rows per page
Query Builder