Vulnerabilities > Ckeditor

DATE CVE VULNERABILITY TITLE RISK
2021-11-17 CVE-2021-41165 Cross-site Scripting vulnerability in multiple products
CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle CWE-79
5.4
5.4
2021-11-17 CVE-2021-41164 Cross-site Scripting vulnerability in multiple products
CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle fedoraproject CWE-79
5.4
5.4
2021-08-13 CVE-2021-37695 Cross-site Scripting vulnerability in multiple products
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor debian fedoraproject oracle CWE-79
5.4
5.4
2021-08-12 CVE-2021-32808 Cross-site Scripting vulnerability in multiple products
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor fedoraproject oracle CWE-79
5.4
5.4
2021-08-12 CVE-2021-32809 Cross-site Scripting vulnerability in multiple products
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor fedoraproject oracle CWE-79
5.4
5.4
2021-06-09 CVE-2021-33829 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
network
low complexity
ckeditor fedoraproject drupal debian CWE-79
6.1
6.1
2021-04-29 CVE-2021-21391 Resource Exhaustion vulnerability in Ckeditor products
CKEditor 5 provides a WYSIWYG editing solution.
network
low complexity
ckeditor CWE-400
6.5
6.5
2021-01-29 CVE-2021-21254 Resource Exhaustion vulnerability in Ckeditor Ckeditor5
CKEditor 5 is an open source rich text editor framework with a modular architecture.
network
low complexity
ckeditor CWE-400
6.5
6.5
2021-01-26 CVE-2021-26272 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
network
low complexity
ckeditor oracle CWE-829
6.5
6.5
2021-01-26 CVE-2021-26271 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
network
low complexity
ckeditor oracle CWE-829
6.5
6.5