Vulnerabilities > Ckeditor

DATE CVE VULNERABILITY TITLE RISK

2021-08-13 CVE-2021-37695 Cross-site Scripting vulnerability in Ckeditor
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
ckeditor CWE-79
3.5

2021-08-12 CVE-2021-32808 Cross-site Scripting vulnerability in Ckeditor
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
ckeditor CWE-79
3.5

2021-08-12 CVE-2021-32809 Code Injection vulnerability in Ckeditor
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
ckeditor CWE-94
3.5

2021-06-09 CVE-2021-33829 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
4.3

2021-04-29 CVE-2021-21391 Resource Exhaustion vulnerability in Ckeditor products
CKEditor 5 provides a WYSIWYG editing solution.
network
ckeditor CWE-400
4.3

2021-01-29 CVE-2021-21254 Resource Exhaustion vulnerability in Ckeditor 5 10.0.1
CKEditor 5 is an open source rich text editor framework with a modular architecture.
network
low complexity
ckeditor CWE-400
4.0

2021-01-26 CVE-2021-26272 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ckeditor
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
network
ckeditor CWE-829
4.3

2021-01-26 CVE-2021-26271 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ckeditor
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
network
ckeditor CWE-829
4.3

2020-11-12 CVE-2020-27193 Cross-site Scripting vulnerability in Ckeditor 4.15.0
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs.
network
ckeditor CWE-79
4.3

2020-03-10 CVE-2020-9440 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.
4.3