Ckeditor@* Security Vulnerabilities and Issues — Ckeditor@* CVE List

Lucene search

CkeditorCkeditor*

17 matches found

CVE•added 2020/03/07 1:15 a.m.•1444 views

CVE-2020-9281

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

6.1CVSS5.4AI score0.00693EPSS

CVE•added 2018/11/14 8:29 p.m.•1138 views

CVE-2018-17960

CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.

6.1CVSS5.9AI score0.01502EPSS

CVE•added 2021/01/26 9:15 p.m.•621 views

CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

6.5CVSS6.6AI score0.00203EPSS

CVE•added 2022/03/16 5:15 p.m.•568 views

CVE-2022-24729

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the dialog plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser...

7.5CVSS6.7AI score0.0038EPSS

CVE•added 2021/01/26 9:15 p.m.•538 views

CVE-2021-26271

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

6.5CVSS6.6AI score0.00639EPSS

CVE•added 2022/03/16 4:15 p.m.•489 views

CVE-2022-24728

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitizatio...

5.4CVSS5.9AI score0.00656EPSS

CVE•added 2021/11/17 7:15 p.m.•448 views

CVE-2021-41164

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result ...

8.2CVSS6.2AI score0.00051EPSS

CVE•added 2023/03/22 9:15 p.m.•408 views

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on...

6.1CVSS5.7AI score0.00238EPSS

CVE•added 2021/08/12 5:15 p.m.•361 views

CVE-2021-32809

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It af...

5.4CVSS5.8AI score0.00207EPSS

CVE•added 2021/08/13 12:15 a.m.•312 views

CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using th...

7.3CVSS6AI score0.00401EPSS

CVE•added 2021/06/09 12:15 p.m.•292 views

CVE-2021-33829

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.

6.1CVSS5.7AI score0.00698EPSS

CVE•added 2024/02/07 5:15 p.m.•264 views

CVE-2024-24816

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The vu...

6.1CVSS5.7AI score0.21584EPSS

CVE•added 2021/08/12 5:15 p.m.•237 views

CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing J...

7.6CVSS6.1AI score0.01222EPSS

CVE•added 2024/02/07 4:15 p.m.•224 views

CVE-2024-24815

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elemen...

6.1CVSS5.9AI score0.00117EPSS

CVE•added 2021/11/17 8:15 p.m.•199 views

CVE-2021-41165

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result i...

8.2CVSS6.2AI score0.00089EPSS

CVE•added 2014/08/07 11:13 a.m.•92 views

CVE-2014-5191

Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.6AI score0.00296EPSS

CVE•added 2024/08/21 3:15 p.m.•92 views

CVE-2024-43407

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSHi ...

6.1CVSS6.4AI score0.00267EPSS