CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
20.6%
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A
cross-site scripting vulnerability vulnerability has been discovered in
versions prior to 4.24.0-lts in samples that use the preview
feature. All
integrators that use these samples in the production code can be affected.
The vulnerability allows an attacker to execute JavaScript code by abusing
the misconfigured preview feature. It affects all users using the CKEditor
4 at version < 4.24.0-lts with affected samples used in a production
environment. A fix is available in version 4.24.0-lts.
Author | Note |
---|---|
sbeattie | embedded copies of ckeditor are in ldap-account-manager, rt4, and rt5 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 20.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 22.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 24.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 16.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 18.04 | noarch | ckeditor3 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | ckeditor3 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | ckeditor3 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | ckeditor3 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | ldap-account-manager | < any | UNKNOWN |
github.com/ckeditor/ckeditor4/commit/7518202f0f228ee5549a36ecb7cb880b06ea5add (4.24.0-lts)
github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76
launchpad.net/bugs/cve/CVE-2024-24816
nvd.nist.gov/vuln/detail/CVE-2024-24816
security-tracker.debian.org/tracker/CVE-2024-24816
www.cve.org/CVERecord?id=CVE-2024-24816
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
20.6%