VYPR

Ckeditor4

by Fckeditor

npm: ckeditor4

Source repositories

CVEs (12)

  • CVE-2024-43411LowAug 21, 2024
    risk 0.13cvss 3.1epss 0.00

    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially…

  • CVE-2024-43407Aug 21, 2024
    risk 0.00cvss epss 0.00

    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by…

  • CVE-2024-24816Feb 7, 2024
    risk 0.00cvss epss 0.02

    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code…

  • CVE-2024-24815Feb 7, 2024
    risk 0.00cvss epss 0.01

    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or…

  • CVE-2023-28439Mar 22, 2023
    risk 0.00cvss epss 0.01

    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the…

  • CVE-2022-24729Mar 16, 2022
    risk 0.00cvss epss 0.02

    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop…

  • CVE-2022-24728Mar 16, 2022
    risk 0.00cvss epss 0.01

    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing…

  • CVE-2021-41165Nov 17, 2021
    risk 0.00cvss epss 0.01

    CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization,…

  • CVE-2021-41164Nov 17, 2021
    risk 0.00cvss epss 0.01

    CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization,…

  • CVE-2021-37695Aug 12, 2021
    risk 0.00cvss epss 0.01

    ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could…

  • CVE-2021-32809Aug 12, 2021
    risk 0.00cvss epss 0.01

    ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML,…

  • CVE-2021-32808Aug 12, 2021
    risk 0.00cvss epss 0.01

    ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could…