4 matches found
CVE-2021-21254
CVE-2021-21254 affects CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) versions ≤ 24.0.0. A ReDoS vulnerability arises from the plugin’s link-recognition regex, enabling significant performance degradation and browser tab freezes. The issue is fixed in version 25.0.0, with advisorie...
CVE-2024-45613
CVE-2024-45613 affects CKEditor 5 (clipboard package) with versions 40.0.0 up to but not including 43.1.1. The XSS vulnerability requires a very specific editor configuration: the Block Toolbar plugin must be enabled and either General HTML Support (with unsafe markup) or HTML Embed also enabled....
CVE-2026-28343
CVE-2026-28343 applies to CKEditor 5 prior to 47.6.0, where the General HTML Support feature allows cross-site scripting (XSS) if an editor instance is configured with unsafe HTML support. The vulnerability arises from inserting specially crafted markup that can lead to unauthorized JavaScript ex...
CVE-2025-61261
CVE-2025-61261 is a reflected XSS vulnerability affecting CKEditor 46.1.0 (CKEditor 5) when used with Angular 18.0.0. The issue enables an attacker-supplied payload to execute in the user’s browser context (impact: partial in some documents; CVSS 3.1 base score 5.4). Affected component is CKEdito...