CVE-2023-4771

CVE-2023-4771 is a CKEditor XSS vulnerability affecting CKEditor 4.x (notably versions 4.15.1 and earlier) where an attacker could inject JavaScript via the /ckeditor/samples/old/ajax.html sample to access an authorized user’s data. The CVSS base score is 6.1 (CVSSv3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:...

CVE-2015-9349

The vulnerability CVE-2015-9349 affects the WordPress ckeditor-for-wordpress plugin prior to 4.5.3.1, where the built-in (old) file browser exposes a reflected XSS due to insufficient validation of client-side data. Root cause: lack of proper input validation in the web application. Impact: user-...