Ckeditor
This hub aggregates every CVE we track for Ckeditor, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 28
- Critical: 1
- High: 6
- In CISA KEV: 0
Severity distribution
MEDIUM: 21, HIGH: 6, CRITICAL: 1
Monthly trend
[Chart: monthly CVE counts, 2024-07 to 2026-06. Values shown: 0, 1, 1, then 0 for each of the remaining 21 months.]
Latest CVEs
The 15 most recently published vulnerabilities affecting Ckeditor.
- CVE-2024-45613: CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package (score 6.1)
- CVE-2024-43407: Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability (score 6.1)
- CVE-2024-24816: Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature (score 6.1)
- CVE-2024-24815: CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection (score 6.1)
- CVE-2023-4771: Cross-Site Scripting vulnerability in CKSource CKEditor (score 6.1)
- CVE-2023-31541: A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the s... (score 9.8)
- CVE-2023-28439: ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process (score 4.7)
- CVE-2022-48110: CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerabili... (score 6.1)
- CVE-2022-24728: Cross-site Scripting in CKEditor4 (score 5.4)
- CVE-2022-24729: Regular expression Denial of Service in dialog plugin (score 6.5)
- CVE-2021-41165: HTML comments vulnerability allowing to execute JavaScript code (score 8.2)
- CVE-2021-41164: Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML (score 8.2)
- CVE-2021-37695: Execution of JavaScript code using malformed HTML in ckeditor (score 7.3)
- CVE-2021-32809: Arbitrary HTML injection vulnerability in ckeditor (score 4.6)
- CVE-2021-32808: Cross-site scripting in ckeditor via abuse of undo functionality (score 7.6)
Product normalization is registry-driven with AI assist and human review.