2 matches found
CVE-2021-21254
CVE-2021-21254 affects CKEditor 5 Markdown plugin (@ckeditor/ckeditor5-markdown-gfm) versions ≤ 24.0.0. A ReDoS vulnerability arises from the plugin’s link-recognition regex, enabling significant performance degradation and browser tab freezes. The issue is fixed in version 25.0.0, with advisorie...
CVE-2026-28343
CVE-2026-28343 applies to CKEditor 5 prior to 47.6.0, where the General HTML Support feature allows cross-site scripting (XSS) if an editor instance is configured with unsafe HTML support. The vulnerability arises from inserting specially crafted markup that can lead to unauthorized JavaScript ex...