38 matches found
EUVD-2021-1044
Malware in sbrugna...
EUVD-2018-10889
Malware in sbrugna...
EUVD-2025-26646
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-31175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions...
CVE-2025-58064
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...
CVE-2025-58064
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...
Cross-site Scripting (XSS)
Overview @ckeditor/ckeditor5-clipboard is a Clipboard integration feature for CKEditor 5. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the viewToPlainText function in the utils/viewtoplaintext.ts file. An attacker can execute unauthorized JavaScript code by...
CVE-2025-58064 CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...
CVE-2025-58064 CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting XSS vulnerability. Ability to exploit could be triggered by a specific user action leading to...
CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package
Impact A Cross-Site Scripting XSS vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which...
PT-2025-35839
Name of the Vulnerable Software and Affected Versions: ckeditor5 versions 44.2.0 through 45.2.1 ckeditor5 versions 46.0.0 through 46.0.2 ckeditor5-clipboard versions 44.2.0 through 45.2.1 ckeditor5-clipboard versions 46.0.0 through 46.0.2 Description: CKEditor 5 is a modern JavaScript rich-text...
GHSA-RGG8-G5X8-WR9V Cross-site scripting (XSS) in the clipboard package
Impact During a recent internal audit, we identified a Cross-Site Scripting XSS vulnerability in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious...
CVE-2024-45613
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting XSS vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...
CVE-2024-45613 CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting XSS vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code...
PT-2024-31709 · Unknown · Ckeditor 5
Name of the Vulnerable Software and Affected Versions: CKEditor 5 versions 40.0.0 through 43.1.1 Description: A Cross-Site Scripting XSS issue is present in the CKEditor 5 clipboard package, which could be triggered by a specific user action, leading to unauthorized JavaScript code execution if a...
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Google Dork: N/A Date: February 09, 2023 Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource...
CKEditor 5 35.4.0 - Cross-Site Scripting Vulnerability
Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting XSS Exploit Author: Manish Pathak Vendor Homepage: https://cksource.com/ Software Link: https://ckeditor.com/ckeditor-5/download/ Version: 35.4.0 Tested on: Linux / Web CVE : CVE-2022-48110 CKSource CKEditor5 35.4.0 was discovered to contain...
CVE-2022-48110
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...
GHSA-42WQ-RCH8-6F6J CKEditor5 cross-site scripting vulnerability caused by the editor instance destroying process
Affected packages @ckeditor/ckeditor5-markdown-gfm @ckeditor/ckeditor5-html-support @ckeditor/ckeditor5-html-embed Impact A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages. The vulnerability allowed to trigger a JavaScript code after fulfillin...
2read-ckeditor5-custom-build (>=25.0.0 <=25.1.2), @8trhieu/ckeditor5-build-classic-custom (>=0.0.1 <=0.0.5) +213 more potentially affected by CVE-2022-31175 via @ckeditor/ckeditor5-html-embed (>=0.0.0-internal-20241017.0 <=34.2.0)
@ckeditor/ckeditor5-html-embed NPM version =0.0.0-internal-20241017.0, =25.0.0, =0.0.1, =1.0.7, =34.1.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0, =0.0.0-internal-20241017.0,...