
CVE-2023-4771 – Cross-Site Scripting vulnerability in CKSource CKEditor
https://notcve.org/view.php?id=CVE-2023-4771
16 Nov 2023 — A cross-site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information. • https://github.com/sahar042/CVE-2023-4771 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-31541
https://notcve.org/view.php?id=CVE-2023-31541
13 Jun 2023 — An unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server. • https://github.com/DreamD2v/CVE-2023-31541 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2021-41165 – HTML comments vulnerability allowing to execute JavaScript code
https://notcve.org/view.php?id=CVE-2021-41165
17 Nov 2021 — CKEditor4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability has been discovered in the core HTML processing module that may affect all plugins used by CKEditor 4. The vulnerability allowed injection of malformed HTML comments that bypass content sanitization, which could result in execution of JavaScript code. It affects all users of CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. • https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-37695 – Execution of JavaScript code using malformed HTML in ckeditor
https://notcve.org/view.php?id=CVE-2021-37695
12 Aug 2021 — ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed injection of malformed Fake Objects HTML, which could result in execution of JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. • https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-9349 – CKEditor for WordPress <= 4.5.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9349
31 Aug 2015 — The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. • https://wordpress.org/plugins/ckeditor-for-wordpress/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2014-5191
https://notcve.org/view.php?id=CVE-2014-5191
07 Aug 2014 — Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://ckeditor.com/node/136981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •