Moderate severityNVD Advisory· Published Nov 16, 2023· Updated Oct 1, 2024
Cross-Site Scripting vulnerability in CKSource CKEditor
CVE-2023-4771
Description
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ckeditor4npm | < 4.24.0-lts | 4.24.0-lts |
Affected products
2- CKSource/CKEditorv5Range: 0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-wh5w-82f3-wrxhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-4771ghsaADVISORY
- github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cbghsaWEB
- github.com/ckeditor/ckeditor4/security/advisories/GHSA-wh5w-82f3-wrxhghsaWEB
- www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditorghsaWEB
News mentions
0No linked articles in our index yet.