127 matches found
CVE-2024-43411 CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...
CVE-2024-43411 CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...
CVE-2024-43407
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
CVE-2024-43407
Summary: CVE-2024-43407 affects CKEditor 4 via the Code Snippet GeSHi plugin, where a flaw in the GeSHi syntax highlighter could enable a reflected XSS attack. The GeSHi library was included as a vendor dependency in CKEditor 4 source files. The advisory states the GeSHi library is no longer acti...
CVE-2024-43407
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
CVE-2024-43407 Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSH...
BIT-DRUPAL-2022-24728 Cross-site Scripting in CKEditor4
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...
BIT-DRUPAL-2022-24729 Regular expression Denial of Service in dialog plugin
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a brows...
Cross-site Scripting (XSS)
CKEditor4 is vulnerable to Cross-site Scripting. The vulnerability is due to editor instances that have enabled full-page editing mode or enabled CDATA elements in the Advanced Content Filtering configuration which defaults to script and style elements. This flaw allows an attacker to inject...
Cross Site Scripting (XSS)
ckeditor4 is vulnerable to Cross Site Scripting XSS. The vulnerability due to the preview feature which allows an attacker to execute arbitrary JavaScript resulting in XSS...
@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +10 more potentially affected by CVE-2023-4771 via ckeditor4 (>=4.14.0 <=4.22.1)
ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.5, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2023-4771 Source advisory: OSV:GHSA-WH5W-82F3-WRXH...
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Affected packages The vulnerability has been discovered in the samples that use the preview feature: samples/old//.html plugins/plugin name/samples//.html All integrators that use these samples in the production code can be affected. Impact A potential vulnerability has been discovered in one of...
GHSA-MW2C-VX6J-MG76 CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Affected packages The vulnerability has been discovered in the samples that use the preview feature: samples/old//.html plugins/plugin name/samples//.html All integrators that use these samples in the production code can be affected. Impact A potential vulnerability has been discovered in one of...
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...
@amplicode/addon-email-templates (>=0.0.1-snapshot.8 <=0.1.0-snapshot.1.6), @dankolz/news-flash (>=1.0.1 <=1.0.2) +10 more potentially affected by CVE-2024-24815 via ckeditor4 (>=4.14.0 <=4.22.1)
ckeditor4 NPM version =4.14.0, =0.0.1-snapshot.8, =1.0.1, =1.0.0, =1.0.5, =1.0.0, =2.10.93, =2.10.0, =0.0.0, =1.0.36, =1.0.6, =1.0.59 Source cves: CVE-2024-24815 Source advisory: OSV:GHSA-FQ6H-4G8V-QQVM...
GHSA-FQ6H-4G8V-QQVM CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Affected packages The vulnerability has been discovered in the core HTML parsing module and may affect all editor instances that: Enabled full-page editing mode, or enabled CDATA elements in Advanced Content Filtering configuration defaults to script and style elements. Impact A potential...
CVE-2024-24816
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...
CVE-2024-24816
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The...