Latest CKEditor Vulnerabilities

Cross-site scripting (XSS) vulnerability in samples with the preview feature enabled
npm/ckeditor4<4.24.0-lts
Ckeditor Ckeditor>=4.0<4.24.0
CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection
composer/ckeditor/ckeditor<4.24.0
npm/ckeditor4<4.24.0-lts
Ckeditor Ckeditor>=4.0<4.24.0
An unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
Ckeditor Ckeditor=1.2.3
ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process
Ckeditor Ckeditor>=4.0<4.21.0
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Fedoraproject Fedora=39
** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a...
Ckeditor Ckeditor=35.4.0
CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the dialog plugin. By sending a specially-crafted regex input, a remote attacker could e...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
Affected packages: The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered ...
Ckeditor Ckeditor<4.17.0
Drupal Drupal>=8.9.0<8.9.20
Drupal Drupal>=9.1.0<9.1.14
Drupal Drupal>=9.2.0<9.2.9
Oracle Agile Product Lifecycle Management=9.3.6
Oracle Application Express<22.1
and 19 more
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The...
Ckeditor Ckeditor>=4.0<4.17.0
Drupal Drupal>=8.9.0<8.9.20
Drupal Drupal>=9.1.0<9.1.14
Drupal Drupal>=9.2.0<9.2.9
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 19 more
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) packag...
Ckeditor Ckeditor<4.16.2
Debian Debian Linux=9.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle Application Express<21.1.4
and 14 more
CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML code into the editor, which, when viewed, would abuse the paste functionality and execute in the v...
Ckeditor Ckeditor>=4.5.2<4.16.2
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle Application Express<21.1.4
Oracle Banking Party Management=2.7.0
and 9 more
CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used alongside the undo feature. A remote attacker could exploit ...
Ckeditor Ckeditor>=4.13.0<4.16.2
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle Application Express<21.1.4
Oracle Banking Party Management=2.7.0
and 14 more
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted c...
composer/drupal/drupal >=7.0.0<7.80, >=8.0.0<8.1.0, >=8.1.0<8.2.0, >=8.2.0<8.3.0, >=8.3.0<8.4.0, >=8.4.0<8.5.0, >=8.5.0<8.6.0, >=8.6.0<8.7.0, >=8.7.0<8.8.0, >=8.8.0<8.9.0, >=8.9.0<8.9.16, >=9.0.0<9.0.14, >=9.1.0<9.1.9
composer/drupal/core >=7.0.0<7.80, >=8.0.0<8.1.0, >=8.1.0<8.2.0, >=8.2.0<8.3.0, >=8.3.0<8.4.0, >=8.4.0<8.5.0, >=8.5.0<8.6.0, >=8.6.0<8.7.0, >=8.7.0<8.8.0, >=8.8.0<8.9.0, >=8.9.0<8.9.16, >=9.0.0<9.0.14, >=9.1.0<9.1.9
Ckeditor Ckeditor>=4.14.0<4.16.1
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 15 more
CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Advanced Tab for Dialogs plugin. By persuading a victim to paste specially-crafted t...
Ckeditor Ckeditor>=4.0<4.16
Oracle Agile PLM=9.3.5
Oracle Agile PLM=9.3.6
Oracle Application Express<21.1.0
Oracle Financial Services Analytical Applications Infrastructure>=8.0.6<=8.0.9
Oracle Financial Services Analytical Applications Infrastructure=8.1.0
and 19 more
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML cod...
Ckeditor Ckeditor=4.15.0
Oracle Agile PLM=9.3.5
Oracle Agile PLM=9.3.6
Oracle Application Express<21.1.0.00.01
Oracle Banking Party Management=2.7.0
Oracle Banking Platform=2.4.0
and 19 more
jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HTML() function. A remote attacker could exploit this vulnerability to execute script in a vic...
Ckeditor Ckeditor=4.0
Webspellchecker Webspellchecker<=5.5.7.5
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with th...
Ckeditor Ckeditor>=4.0<4.14
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Drupal Drupal>=8.7.0<8.7.12
Drupal Drupal>=8.8.0<8.8.4
and 20 more
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request.
Ckeditor Ckeditor=7.x-1.4
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
composer/typo3/cms >=8.0.0<8.7.21, >=9.0.0<9.5.2
composer/typo3/cms-core >=8.0.0<8.7.21, >=9.0.0<9.5.2
Ckeditor Ckeditor>=4.0<4.11.0
composer/typo3/cms>=9.0.0<9.5.2
composer/typo3/cms>=8.0.0<8.7.21
composer/typo3/cms-core>=9.0.0<9.5.2
and 4 more

© 2024 SecAlerts Pty Ltd.