VYPR
Moderate severityNVD Advisory· Published Mar 16, 2022· Updated Apr 23, 2025

Cross-site Scripting in CKEditor4

CVE-2022-24728

Description

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ckeditor4npm
< 4.18.04.18.0

Affected products

3

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.