Vulnerabilities > Ckeditor > Ckeditor > 4.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-24816 | Cross-site Scripting vulnerability in Ckeditor CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 6.1 |
| 2023-03-22 | CVE-2023-28439 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 6.1 |
| 2022-03-16 | CVE-2022-24729 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 7.5 |
| 2022-03-16 | CVE-2022-24728 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 5.4 |
| 2021-11-17 | CVE-2021-41165 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
| 2021-11-17 | CVE-2021-41164 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
| 2021-08-13 | CVE-2021-37695 | Cross-site Scripting vulnerability in multiple products ckeditor is an open source WYSIWYG HTML editor with rich content support. | 5.4 |
| 2021-01-26 | CVE-2021-26272 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). | 4.3 |
| 2021-01-26 | CVE-2021-26271 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). | 4.3 |
| 2020-03-07 | CVE-2020-9281 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). | 6.1 |