11 matches found
CVE-2026-28343
A flaw was found in CKEditor. This cross-site scripting XSS vulnerability in the General HTML Support feature allows an attacker to execute unauthorized JavaScript code. This can occur by inserting specially crafted markup if the editor instance is configured with unsafe General HTML Support...
CVE-2026-28343
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
UBUNTU-CVE-2026-28343
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CKEditor 跨站脚本漏洞
CKEditor is an open-source enterprise-level WYSIWYG editor developed by CKEditor. Versions of CKEditor prior to 47.6.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the General HTML Support feature, which allowed cross-site scripting, potentially enabling the...
GHSA-JRQM-VMQC-GM93 CKEditor 5 has Cross-site Scripting (XSS) in the HTML Support package
Impact A Cross-Site Scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support...
Cross-site Scripting (XSS)
Overview @ckeditor/ckeditor5-html-support is a HTML Support feature for CKEditor 5. Affected versions of this package are vulnerable to Cross-site Scripting XSS via its unsafe htmlSupport configuration. An attacker can execute unauthorized JavaScript in the editor context by inserting specially...
GHSA-RGG8-G5X8-WR9V Cross-site scripting (XSS) in the clipboard package
Impact During a recent internal audit, we identified a Cross-Site Scripting XSS vulnerability in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious...