ckeditor/ckeditor4 vulnerabilities

12 known vulnerabilities affecting ckeditor/ckeditor4.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 10, LOW 1

Vulnerabilities

CVE-2024-43407 | MEDIUM | CVSS 6.1 | fixed in 4.25.0-lts | 2024-08-21
[MEDIUM] CWE-79: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSHi library was included as a vendor dependency in CKEdito…
Sources: cvelistv5, nvd
CVE-2024-43411 | LOW | CVSS 3.1 | affected >= 4.22.0, < 4.25.0-lts | 2024-08-21
[LOW] CWE-79: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. The issue impacts only editor instan…
Sources: cvelistv5, nvd
CVE-2024-24816 | MEDIUM | CVSS 6.1 | fixed in 4.24.0-lts | 2024-02-07
[MEDIUM] CWE-79: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScrip…
Sources: cvelistv5, nvd
CVE-2024-24815 | MEDIUM | CVSS 6.1 | fixed in 4.24.0-lts | 2024-02-07
[MEDIUM] CWE-79: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defau…
Sources: cvelistv5, nvd
CVE-2023-28439 | MEDIUM | CVSS 6.1 | fixed in 4.21.0 | 2023-03-22
[MEDIUM] CWE-79: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Poli…
Sources: cvelistv5, nvd
CVE-2022-24729 | HIGH | CVSS 7.5 | fixed in 4.18.0 | 2022-03-16
[MEDIUM] CWE-400: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.
Sources: cvelistv5, nvd
CVE-2022-24728 | MEDIUM | CVSS 5.4 | fixed in 4.18.0 | 2022-03-16
[MEDIUM] CWE-79: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. T…
Sources: cvelistv5, nvd
CVE-2021-41164 | MEDIUM | CVSS 5.4 | fixed in 4.17.0 | 2021-11-17
[HIGH] CWE-79: CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed injecting malformed HTML that bypasses content sanitization, which could result in executing JavaScript code. It affects all users usin…
Sources: cvelistv5, nvd
CVE-2021-41165 | MEDIUM | CVSS 5.4 | fixed in 4.17.0 | 2021-11-17
[HIGH] CWE-79: CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed injecting malformed comment HTML that bypasses content sanitization, which could result in executing JavaScript code. It affects all users using…
Sources: cvelistv5, nvd
CVE-2021-37695 | MEDIUM | CVSS 5.4 | fixed in 4.16.2 | 2021-08-13
[HIGH] CWE-79: ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed injecting malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEdito…
Sources: cvelistv5, nvd
CVE-2021-32808 | MEDIUM | CVSS 5.4 | affected >= 4.13.0, < 4.16.2 | 2021-08-12
[HIGH] CWE-79: ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor…
Sources: cvelistv5, nvd
CVE-2021-32809 | MEDIUM | CVSS 5.4 | affected >= 4.5.2, < 4.16.2 | 2021-08-12
[MEDIUM] CWE-94: ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed abusing paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all…
Sources: cvelistv5, nvd
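The table above is only useful if it can be matched against a deployed editor. The following script is an added example (not code from this page or from the CKEditor project): it transcribes the affected ranges listed above and reports which of the twelve advisories cover a given CKEditor 4 version string, such as the value of `CKEDITOR.version` in a browser console or the `version` field of an installed `ckeditor4` package. Two assumptions are made: rows that only state "fixed in X" are treated as affecting every earlier 4.x release (the page gives no lower bound for them), and the `-lts` suffix is treated as not changing ordering, so `4.25.0-lts` compares equal to `4.25.0`. A match means the version falls in a listed range; whether the issue is reachable still depends on which plugins, samples and ACF settings the integration actually uses.

```javascript
'use strict';

// Affected ranges transcribed from the advisory table on this page.
// lower: inclusive lower bound, or null when the page only states a fixed version
//        (assumption: every earlier 4.x release is then treated as affected).
// upper: exclusive upper bound, i.e. the first fixed version.
const CKE4_ADVISORIES = [
  { id: 'CVE-2024-43407', cvss: 6.1, lower: null,     upper: '4.25.0-lts', note: 'Code Snippet GeSHi plugin, reflected XSS' },
  { id: 'CVE-2024-43411', cvss: 3.1, lower: '4.22.0', upper: '4.25.0-lts', note: 'resources loaded from cke4.ckeditor.com' },
  { id: 'CVE-2024-24816', cvss: 6.1, lower: null,     upper: '4.24.0-lts', note: 'XSS in samples using the preview feature' },
  { id: 'CVE-2024-24815', cvss: 6.1, lower: null,     upper: '4.24.0-lts', note: 'XSS in core HTML parser (full-page / CDATA)' },
  { id: 'CVE-2023-28439', cvss: 6.1, lower: null,     upper: '4.21.0',     note: 'XSS in Iframe Dialog and Media Embed' },
  { id: 'CVE-2022-24729', cvss: 7.5, lower: null,     upper: '4.18.0',     note: 'ReDoS in dialog input validator' },
  { id: 'CVE-2022-24728', cvss: 5.4, lower: null,     upper: '4.18.0',     note: 'XSS in core HTML processing' },
  { id: 'CVE-2021-41164', cvss: 5.4, lower: null,     upper: '4.17.0',     note: 'ACF sanitization bypass' },
  { id: 'CVE-2021-41165', cvss: 5.4, lower: null,     upper: '4.17.0',     note: 'comment HTML sanitization bypass' },
  { id: 'CVE-2021-37695', cvss: 5.4, lower: null,     upper: '4.16.2',     note: 'Fake Objects HTML injection' },
  { id: 'CVE-2021-32808', cvss: 5.4, lower: '4.13.0', upper: '4.16.2',     note: 'clipboard Widget plugin with undo' },
  { id: 'CVE-2021-32809', cvss: 5.4, lower: '4.5.2',  upper: '4.16.2',     note: 'clipboard paste HTML injection' },
];

// Parse "4.22.1" or "4.25.0-lts" into [major, minor, patch].
// Assumption: the "-lts" suffix does not affect ordering (4.25.0-lts == 4.25.0).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-lts)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised CKEditor 4 version string: ${JSON.stringify(v)}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric, component-wise comparison; returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when lower <= version < upper; a null lower means "no lower bound".
function inRange(version, lower, upper) {
  if (lower !== null && compareVersions(version, lower) < 0) return false;
  return compareVersions(version, upper) < 0;
}

// Advisories whose listed range covers `version`, highest CVSS first.
function matchAdvisories(version) {
  return CKE4_ADVISORIES
    .filter((a) => inRange(version, a.lower, a.upper))
    .sort((a, b) => b.cvss - a.cvss);
}

// Highest "fixed in" version among the matches: the smallest upgrade that clears
// every advisory on this page for `version`. Returns null when nothing matches.
function upgradeTargetFor(version) {
  const hits = matchAdvisories(version);
  if (hits.length === 0) return null;
  return hits.map((a) => a.upper).reduce((best, v) => (compareVersions(v, best) > 0 ? v : best));
}

// Stand-alone demo. In a page that has CKEditor loaded, CKEDITOR.version is used;
// otherwise a constructed sample version is checked.
const sampleVersion = typeof CKEDITOR !== 'undefined' ? CKEDITOR.version : '4.16.1';
for (const a of matchAdvisories(sampleVersion)) {
  console.log(`${sampleVersion}: ${a.id} (CVSS ${a.cvss}) ${a.note}`);
}
console.log(`${sampleVersion}: upgrade to at least ${upgradeTargetFor(sampleVersion) || 'n/a'}`);
```

Note that `upgradeTargetFor` only reasons about the twelve entries transcribed here; it says nothing about advisories published after this page was generated, so the table should be refreshed from the sources listed in each row before the result is used to close a finding.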