CVE-2026-28343

CVE-2026-28343 applies to CKEditor 5 prior to 47.6.0, where the General HTML Support feature allows cross-site scripting (XSS) if an editor instance is configured with unsafe HTML support. The vulnerability arises from inserting specially crafted markup that can lead to unauthorized JavaScript ex...

PT-2026-23086

Name of the Vulnerable Software and Affected Versions CKEditor 5 versions prior to 47.6.0 Description CKEditor 5, a JavaScript rich-text editor, contains a cross-site scripting XSS issue within the General HTML Support feature. This issue arises from the insertion of specially crafted markup,...