4 matches found
CVE-2025-25299
creationtimestamp| type| source ---|---|--- 2025-02-20 23:01:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3linfhqq2ds2p 2025-02-20 23:12:09+00:00| seen| https://t.me/cvedetector/18602...
@authorium/ckeditor5-build-multi-root (>=41.3.1 <=41.4.2), @eagerworks/ckeditor5-build-multi-root (>=41.4.2 <=41.4.2-auth.3) +8 more potentially affected by CVE-2025-25299 via @ckeditor/ckeditor5-real-time-collaboration (>=41.3.1 <=44.2.1-alpha.0)
@ckeditor/ckeditor5-real-time-collaboration NPM version =41.3.1, =41.3.1, =41.4.2, =1.0.1, =4.0.45, =18.0.20, =0.0.8, =41.4.0, =1.0.8, =1.0.10 - htmljs-code =44.0.30 - markdownvue3demo =0.0.1 Source cves: CVE-2025-25299 Source advisory: OSV:GHSA-J3MM-WMFM-MWVH...
CVE-2025-25299
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting XSS vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...
CVE-2025-25299 Cross-site scripting (XSS) in the real-time collaboration package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting XSS vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...