2 matches found
CVE-2025-6674 CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting XSS.This issue affects CKEditor5 Youtube: from 0.0.0 before 1.0.3...
CVE-2025-6674
CVE-2025-6674 affects the Drupal CKEditor5 Youtube plugin. The issue is improper input neutralization that enables Cross-site Scripting (XSS) through the YouTube embedding workflow. Affected versions are CKEditor5 Youtube 0.0.0 through 1.0.2; remediation is to update to 1.0.3 or later. Severity i...