Lucene search
K
CkeditorCkeditor5

4 matches found

CVE
CVE
added 2021/01/29 9:55 p.m.79 views

CVE-2021-21254

CVE-2021-21254 affects CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) versions ≤ 24.0.0. A ReDoS vulnerability arises from the plugin’s link-recognition regex, enabling significant performance degradation and browser tab freezes. The issue is fixed in version 25.0.0, with advisorie...

6.5CVSS6.2AI score0.01792EPSS
CVE
CVE
added 2024/09/25 1:27 p.m.70 views

CVE-2024-45613

CVE-2024-45613 affects CKEditor 5 (clipboard package) with versions 40.0.0 up to but not including 43.1.1. The XSS vulnerability requires a very specific editor configuration: the Block Toolbar plugin must be enabled and either General HTML Support (with unsafe markup) or HTML Embed also enabled....

6.1CVSS5.8AI score0.00478EPSS
CVE
CVE
added 2026/03/05 7:42 p.m.37 views

CVE-2026-28343

CVE-2026-28343 applies to CKEditor 5 prior to 47.6.0, where the General HTML Support feature allows cross-site scripting (XSS) if an editor instance is configured with unsafe HTML support. The vulnerability arises from inserting specially crafted markup that can lead to unauthorized JavaScript ex...

6.4CVSS5.6AI score0.00268EPSS
CVE
CVE
added 2025/11/07 12:0 a.m.23 views

CVE-2025-61261

CVE-2025-61261 is a reflected XSS vulnerability affecting CKEditor 46.1.0 (CKEditor 5) when used with Angular 18.0.0. The issue enables an attacker-supplied payload to execute in the user’s browser context (impact: partial in some documents; CVSS 3.1 base score 5.4). Affected component is CKEdito...

5.4CVSS5.9AI score0.0026EPSS