Vulnerabilities > Ckeditor
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-13 | CVE-2022-48110 | Cross-site Scripting vulnerability in Ckeditor 35.4.0 ** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. | 6.1 |
| 2022-03-16 | CVE-2022-24729 | Resource Exhaustion vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 7.5 |
| 2022-03-16 | CVE-2022-24728 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 5.4 |
| 2021-11-17 | CVE-2021-41165 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
| 2021-11-17 | CVE-2021-41164 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
| 2021-08-13 | CVE-2021-37695 | Cross-site Scripting vulnerability in multiple products ckeditor is an open source WYSIWYG HTML editor with rich content support. | 3.5 |
| 2021-08-12 | CVE-2021-32808 | Cross-site Scripting vulnerability in multiple products ckeditor is an open source WYSIWYG HTML editor with rich content support. | 3.5 |
| 2021-08-12 | CVE-2021-32809 | Cross-site Scripting vulnerability in multiple products ckeditor is an open source WYSIWYG HTML editor with rich content support. | 3.5 |
| 2021-06-09 | CVE-2021-33829 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | 4.3 |
| 2021-04-29 | CVE-2021-21391 | Resource Exhaustion vulnerability in Ckeditor products CKEditor 5 provides a WYSIWYG editing solution. | 4.3 |