CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17960
https://notcve.org/view.php?id=CVE-2018-17960
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. CKEditor en versiones 4.x anteriores a la 4.11.0 permite Cross-Site Scripting (XSS) ayudado por un usuario relacionado con una operación de pegado en modo origen. • http://www.securityfocus.com/bid/109205 https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released https://ckeditor.com/cke4/release/CKEditor-4.11.0 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-11093
https://notcve.org/view.php?id=CVE-2018-11093
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element. Vulnerabilidad Cross-Site Scripting (XSS) en el paquete Link de CKEditor 5 en versiones anteriores a la 10.0.1 permite que atacantes remotos inyecten scripts web arbitrarios mediante un atributo href manipulado de un elemento link (A). • https://github.com/ossf-cve-benchmark/CVE-2018-11093 https://ckeditor.com/blog/CKEditor-5-v10.0.1-released https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2014-5191
https://notcve.org/view.php?id=CVE-2014-5191
Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el plugin Preview anterior a 4.4.3 en CKEditor permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://ckeditor.com/node/136981 http://secunia.com/advisories/60036 http://www.securityfocus.com/bid/69161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 56EXPL: 0CVE-2012-2067
https://notcve.org/view.php?id=CVE-2012-2067
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en el módulo CKEditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v7.x-1.x anterior a v7.x-1.7 para Drupal, cuando el módulo de núcleo de PHP está activado, permite a usuarios remotos autenticados o atacantes remotos ejecutar código PHP arbitrario a través del parámetro de texto a un filtro de texto. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros • http://drupal.org/node/1482442 http://drupal.org/node/1482466 http://drupal.org/node/1482480 http://drupal.org/node/1482528 http://secunia.com/advisories/48435 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80080 https://exchange.xforce.ibmcloud.com/vulnerabilities/74037 •
CVSS: 4.3EPSS: 0%CPEs: 56EXPL: 0CVE-2012-2066
https://notcve.org/view.php?id=CVE-2012-2066
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de código en sitios cruzados (XSS) en el módulo FCKeditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v77.x-1.x anterior a v7.x-1.7 para Drupal permite a usuarios remotos autenticados o atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1482442 http://drupal.org/node/1482466 http://drupal.org/node/1482480 http://drupal.org/node/1482528 http://secunia.com/advisories/48435 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80079 https://exchange.xforce.ibmcloud.com/vulnerabilities/74036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •