Lucene search
+L

32 matches found

NVD
NVD
added 2026/07/08 9:16 p.m.9 views

CVE-2026-55596

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS0.00241EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 8:27 p.m.36 views

CVE-2026-55596 Plate: Media embed provider metadata can bypass URL sanitization and execute iframe JavaScript

Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation, allowing a crafted Plate document to set a known video provider while keeping url as...

8.7CVSS0.00241EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 8:27 p.m.11 views

CVE-2026-55596

Plate is a rich-text editor (with AI and shadcn/ui). Affects versions 53.0.0 through 53.1.4 where the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation. This allows a crafted Plate document to set a known video provi...

8.7CVSS6AI score0.00241EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56579

Name of the Vulnerable Software and Affected Versions Plate versions 53.0.0 through 53.1.3 Description The media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation. This allows a crafted document to specify a known video...

8.7CVSS6.1AI score0.00241EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 9:2 p.m.18 views

CVE-2026-54720

Silverstripe Framework (PHP) contains an XSS vulnerability in the CMS “Insert media from web” feature, exploitable via a specially crafted embed. The issue affects versions prior to 6.2.2 and is mitigated by upgrading to 6.2.2 or later. The vulnerability stems from the media embed handling and co...

5.4CVSS5.8AI score0.00263EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 9:2 p.m.6 views

CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS5.9AI score0.00263EPSS
Exploits0References4
Friends Of PHP
Friends Of PHP
added 2026/06/24 2:45 a.m.5 views

CVE-2026-54720 - XSS attack through media embed

More info at https://www.silverstripe.org/download/security-releases/cve-2026-54720...

5.4CVSS5.8AI score0.00263EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.22 views

EUVD-2023-32127

Malicious code in bioql PyPI...

6.1CVSS7AI score0.00725EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The...

6.1CVSS6.3AI score0.01917EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:51 a.m.10 views

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

6.1CVSS6.5AI score0.00725EPSS
Exploits0References1
OSV
OSV
added 2025/02/06 1:26 a.m.5 views

USN-7258-1 ckeditor vulnerabilities

Kevin Backhouse discovered that CKEditor did not properly sanitize HTML content. An attacker could possibly use this issue to perform cross site scripting and obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS...

6.1CVSS6.4AI score0.01652EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/07/15 6:21 p.m.59 views

CVE-2024-40631 Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media

Plate media is an open source, rich-text editor for React. Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and consume...

8.1CVSS0.00498EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/15 12:0 a.m.4 views

Plate Security Breach

Plate is a plugin system for Ziad Beyens individual developers to make it easier to build fully functional editors. Plate has a security vulnerability that stems from when the editor uses the MediaEmbedElement component and passes custom urlParsers via the useMediaState hook, if the custom parser...

8.1CVSS6AI score0.00498EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.15 views

Fedora 39 : ckeditor (2023-426b3a500d)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-426b3a500d advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

6.1CVSS7AI score0.00725EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/04 12:0 a.m.15 views

Fedora 38 : ckeditor (2023-79b5902a52)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-79b5902a52 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

6.1CVSS7AI score0.00725EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/04 12:0 a.m.18 views

Fedora 37 : ckeditor (2023-983ff03630)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-983ff03630 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

6.1CVSS7AI score0.00725EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/09/07 12:0 a.m.7 views

The vulnerability of the Iframe Dialog and Media Embed functions in CKEditor’s WYSIWYG editor allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Iframe Dialog and Media Embed functions in the CKEditor WYSIWYG editor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

6.4CVSS7.2AI score0.00725EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/04/26 3:15 p.m.3 views

UBUNTU-CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

6.1CVSS5.7AI score0.00526EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.25 views

CKEditor 4.x < 4.21 XSS Vulnerability - Linux

CKEditor 4 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS6.2AI score0.00725EPSS
Exploits0References1
NVD
NVD
added 2023/03/22 9:15 p.m.20 views

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

6.1CVSS5.7AI score0.00725EPSS
Exploits0References6
Rows per page
Query Builder