Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.33 views

Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5340-2 advisory. USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and...

7.3CVSS6.6AI score0.04327EPSS
Exploits0References6
NVD
NVD
added 2022/11/02 12:15 p.m.29 views

CVE-2022-39950

An improper neutralization of input during web page generation vulnerability CWE-79 exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via...

8CVSS0.00684EPSS
Exploits0References1
Prion
Prion
added 2022/11/02 12:15 p.m.31 views

Design/Logic Flaw

An improper neutralization of input during web page generation vulnerability CWE-79 exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via...

4.9CVSS5.6AI score0.04327EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/11/02 12:0 a.m.27 views

CVE-2022-39950

An improper neutralization of input during web page generation vulnerability CWE-79 exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via...

8CVSS6.5AI score0.00684EPSS
Exploits0References1
Fortinet
Fortinet
added 2022/11/01 12:0 a.m.195 views

FortiManager/FortiAnalyzer - XSS Vulnerability in Report Templates

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiManager and FortiAnalyzer report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281...

4.9CVSS5.7AI score0.04327EPSS
Exploits0Affected Software2
RedhatCVE
RedhatCVE
added 2022/05/21 12:7 a.m.42 views

CVE-2020-9281

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

6.1CVSS3.6AI score0.04327EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2022/03/23 8:57 a.m.62 views

USN-5340-2: CKEditor vulnerabilities

USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and CVE-2021-37695 for Ubuntu 16.04 ESM. Original advisory details: Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An...

7.3CVSS7AI score0.04327EPSS
Exploits0
OpenVAS
OpenVAS
added 2020/03/29 12:0 a.m.42 views

Fedora: Security Advisory for ckeditor (FEDORA-2020-8d5de93970)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.3AI score
Exploits0References2
OpenVAS
OpenVAS
added 2020/03/29 12:0 a.m.32 views

Fedora: Security Advisory for ckeditor (FEDORA-2020-a832c215bf)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.3AI score
Exploits0References2
NVD
NVD
added 2020/03/07 1:15 a.m.24 views

CVE-2020-9281

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

6.1CVSS5.6AI score0.04327EPSS
Exploits0References9
CVE
CVE
added 2020/03/07 12:2 a.m.1480 views

CVE-2020-9281

CVE-2020-9281 is an XSS in CKEditor’s HTML Data Processor that allows remote script execution via a crafted protected comment (CKEditor syntax cke_protected). Affected are CKEditor 4.0–before 4.14. IBM DOORS/DOORS Web Access bullets include this CVE and note remediation: upgrade to CKEditor 4.17....

6.1CVSS5.4AI score0.04327EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2020/03/07 12:2 a.m.36 views

CVE-2020-9281

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

6AI score0.04327EPSS
Exploits0References9
Rows per page
Query Builder