CVE-2023-4771 – Cross-Site Scripting vulnerability in CKSource CKEditor
https://notcve.org/view.php?id=CVE-2023-4771
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information. Se ha encontrado una vulnerabilidad de Cross-Site Scripting en CKSource CKEditor que afecta a las versiones 4.15.1 y anteriores. Un atacante podría enviar código JavaScript malicioso a través del archivo /ckeditor/samples/old/ajax.html y recuperar la información de un usuario autorizado. • https://github.com/sahar042/CVE-2023-4771 https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditor • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9349 – CKEditor for WordPress <= 4.5.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9349
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. El plugin ckeditor-for-wordpress antes de 4.5.3.1 para WordPress ha reflejado XSS en el navegador de archivos "built-in (old)". The CKEditor plugin before 4.5.3.1 for WordPress has reflected XSS in the built-in (old) file browser. • https://wordpress.org/plugins/ckeditor-for-wordpress/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •