ckeditor4
npm | 16 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ckeditor4
- CVE-2020-27193 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.15.1 | 2020-11-12
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs.
- CVE-2020-9281 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.14.0 | 2020-03-07
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
- CVE-2021-26272 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 4.16.0 | 2021-01-26
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
- CVE-2021-32808 | HIGH | CVSS 7.6 | EG 7.6 | ✓ Fixed in 4.16.2 | 2021-08-12
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality us…
- CVE-2021-32809 | MEDIUM | CVSS 4.6 | EG 4.6 | ✓ Fixed in 4.16.2 | 2021-08-12
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste …
- CVE-2021-33829 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.16.1 | 2021-06-09
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
- CVE-2021-37695 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 4.16.2 | 2021-08-13
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject …
- CVE-2021-41164 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 4.17.0 | 2021-11-17
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malfor…
- CVE-2021-41165 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 4.17.0 | 2021-11-17
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed commen…
- CVE-2022-24728 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 4.18.0 | 2022-03-16
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows so…
- CVE-2022-24729 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 4.18.0 | 2022-03-16
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which c…
- CVE-2023-4771 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.24.0-lts | 2023-11-16
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized us…
- CVE-2024-24815 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.24.0-lts | 2024-02-07
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances…
- CVE-2024-24816 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.24.0-lts | 2024-02-07
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that us…
- CVE-2024-43407 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.25.0 | 2024-08-21
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi…
- CVE-2024-43411 | LOW | CVSS 3.1 | EG 3.1 | ✓ Fixed in 4.25.0 | 2024-08-21
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckedito…