7 matches found
Fedora 36 : ckeditor (2022-b61dfd219b)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b61dfd219b advisory. CKEditor 4.20 New Features: 5084: Added the config.tabletoolsscopedHeaders configuration option controlling the behaviour of table headers with and...
Drupal 9.3.x < 9.3.8 Third-Party Library Vulnerability
According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.15 or 9.3.x prior to 9.3.8. It is, therefore, affected by multiple vulnerabilities due to its usage of a third party component, CKEditor, for WYSIWYG editing: - A vulnerability ha...
ferris-rich-input (=0.0.1) potentially affected by CVE-2022-24728 +1 more via ckeditor4 (=4.14.0)
ckeditor4 NPM version =4.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on ckeditor4 and may be impacted: - ferris-rich-input =0.0.1 Source cves: CVE-2022-24728, CVE-2022-24729 Source advisory: OSV:GHSA-4FC4-4P5G-6W89...
CVE-2022-24728 Cross-site Scripting in CKEditor4
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...
CVE-2022-24728 Cross-site Scripting in CKEditor4
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content...
Drupal 9.2.x < 9.2.15 / 9.3.x < 9.3.8 Multiple Vulnerabilities (drupal-2022-03-16)
According to its self-reported version, the instance of Drupal running on the remote web server is 9.2.x prior to 9.2.15 or 9.3.x prior to 9.3.8. It is, therefore, affected by multiple vulnerabilities. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to...
CVE-2022-24728
CKEditor4 core HTML processing vulnerability (CVE-2022-24728) allows injecting malformed HTML that bypasses sanitization, potentially enabling JavaScript execution in CKEditor 4 plugins. A fix is available in version 4.18.0; versions prior to 4.18.0 are affected. No public workarounds are provide...