CVE-2021-37695
- EPSS 0.4%
- Published 13.08.2021 00:15:07
- Last modified 21.11.2024 06:15:43
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed F...
CVE-2021-32809
- EPSS 0.21%
- Published 12.08.2021 17:15:08
- Last modified 21.11.2024 06:07:47
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionali...
CVE-2021-32808
- EPSS 1.22%
- Published 12.08.2021 17:15:08
- Last modified 21.11.2024 06:07:47
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malform...
CVE-2021-33829
- EPSS 1.14%
- Published 09.06.2021 12:15:07
- Last modified 21.11.2024 06:09:38
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
CVE-2021-26272
- EPSS 0.2%
- Published 26.01.2021 21:15:12
- Last modified 21.11.2024 05:56:00
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
CVE-2021-26271
- EPSS 0.64%
- Published 26.01.2021 21:15:12
- Last modified 21.11.2024 05:56:00
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
CVE-2020-27193
- EPSS 0.91%
- Published 12.11.2020 21:15:11
- Last modified 21.11.2024 05:20:50
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs.
CVE-2020-9440
- EPSS 0.49%
- Published 10.03.2020 17:15:13
- Last modified 21.11.2024 05:40:38
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.
CVE-2020-9281
- EPSS 0.77%
- Published 07.03.2020 01:15:15
- Last modified 21.11.2024 05:40:20
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
CVE-2011-4972
- EPSS 0.91%
- Published 13.11.2019 21:15:11
- Last modified 21.11.2024 01:33:23
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request.