Browse all 3 CVE security advisories affecting CKSource. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CKSource develops the CKEditor, a widely used WYSIWYG HTML editor integrated into content management systems and web applications. Historically, vulnerabilities have commonly included cross-site scripting (XSS) due to improper input sanitization, remote code execution (RCE) through crafted content, and privilege escalation flaws in administrative interfaces. The company maintains a moderate security posture with three CVEs on record, primarily addressing XSS and RCE issues in editor components. While no major security incidents have been publicly documented, the persistent occurrence of XSS vulnerabilities highlights the importance of proper input validation and content filtering implementations in web environments using their products.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2016-20023 | CKSource CKFinder security vulnerability — CKFinder (CWE-23) | 5.0 | Medium | 2025-12-05 |
| CVE-2023-4771 | Cross-Site Scripting vulnerability in CKSource CKEditor — CKEditor (CWE-79) | 6.1 | Medium | 2023-11-16 |
| CVE-2011-4972 | CKEditor information disclosure vulnerability — CKEditor Drupal module | 7.5 | - | 2019-11-13 |

This page lists every published CVE security advisory associated with CKSource. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.