8 matches found
CKEditor < 47.6.0 XSS
The version of CKEditor included on the remote web host prior to 47.6.0. It may, therefore, be affected by a cross-site scripting XSS vulnerability. - CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Prior to version 47.6.0, a cross-site scripting XSS vulnerability has...
UBUNTU-CVE-2026-28343
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to...
CVE-2026-28343
CVE-2026-28343 applies to CKEditor 5 prior to 47.6.0, where the General HTML Support feature allows cross-site scripting (XSS) if an editor instance is configured with unsafe HTML support. The vulnerability arises from inserting specially crafted markup that can lead to unauthorized JavaScript ex...
CVE-2026-28343
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
CVE-2026-28343 CKEditor: Cross-site scripting (XSS) in the HTML Support package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially craft...
GHSA-JRQM-VMQC-GM93 CKEditor 5 has Cross-site Scripting (XSS) in the HTML Support package
Impact A Cross-Site Scripting XSS vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support...
PT-2026-23086
Name of the Vulnerable Software and Affected Versions CKEditor 5 versions prior to 47.6.0 Description CKEditor 5, a JavaScript rich-text editor, contains a cross-site scripting XSS issue within the General HTML Support feature. This issue arises from the insertion of specially crafted markup,...