ckeditor — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting ckeditor. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CKEditor serves as a WYSIWYG text editor component integrated into web applications for content creation. Historically, it has been susceptible to cross-site scripting (XSS) vulnerabilities due to improper input sanitization, with several instances allowing remote code execution (RCE) through crafted payloads. Privilege escalation vulnerabilities have also been documented in certain versions. The project maintains a security-focused approach, with regular updates addressing identified flaws. While 19 CVEs exist on record, most relate to older versions; recent releases demonstrate improved security practices. The editor's extensive customization options and third-party plugin ecosystem introduce additional potential attack surfaces requiring careful configuration and maintenance to mitigate risks.

Found 12 results / 19
Top products by ckeditor: ckeditor4 ckeditor5
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-43411 | CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover | ckeditor4 | CWE-79 | 3.1 | Low | 2024-08-21 |
| CVE-2024-43407 | Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability | ckeditor4 | CWE-79 | 6.1 | Medium | 2024-08-21 |
| CVE-2024-24816 | Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature | ckeditor4 | CWE-79 | 6.1 | Medium | 2024-02-07 |
| CVE-2024-24815 | CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection | ckeditor4 | CWE-79 | 6.1 | Medium | 2024-02-07 |
| CVE-2023-28439 | ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process | ckeditor4 | CWE-79 | 4.7 | Medium | 2023-03-22 |
| CVE-2022-24728 | Cross-site Scripting in CKEditor4 | ckeditor4 | CWE-79 | 5.4 | Medium | 2022-03-16 |
| CVE-2022-24729 | Regular expression Denial of Service in dialog plugin | ckeditor4 | CWE-400 | 6.5 | Medium | 2022-03-16 |
| CVE-2021-41165 | HTML comments vulnerability allowing to execute JavaScript code | ckeditor4 | CWE-79 | 8.2 | High | 2021-11-17 |
| CVE-2021-41164 | Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML | ckeditor4 | CWE-79 | 8.2 | High | 2021-11-17 |
| CVE-2021-37695 | Execution of JavaScript code using malformed HTML in ckeditor | ckeditor4 | CWE-79 | 7.3 | High | 2021-08-12 |
| CVE-2021-32809 | Arbitrary HTML injection vulnerability in ckeditor | ckeditor4 | CWE-94 | 4.6 | Medium | 2021-08-12 |
| CVE-2021-32808 | Cross-site scripting in ckeditor via abuse of undo functionality | ckeditor4 | CWE-79 | 7.6 | High | 2021-08-12 |

This page lists every published CVE security advisory associated with ckeditor. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.