Vulmon
ckeditor ckeditor vulnerabilities and exploits
NA
CVE-2024-30162
Invision Community up to and including 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/i...
NA
CVE-2023-46694
Vtenext 21.02 allows an authenticated malicious user to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor file manager function...
6.1
CVSSv3
CVE-2024-24816
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions before 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can ...
Ckeditor Ckeditor
1 Github repository
6.1
CVSSv3
CVE-2024-24815
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 before 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or ena...
Ckeditor Ckeditor
7.5
CVSSv3
CVE-2018-25094
A vulnerability was found in ระบบบัญชีออนไลน์ Online Accounting System up to 1.4.0 and classified as problematic. This issue affects some unknown processing of the file ckeditor/filemanager/browser/default/image.php. The manipulation of the argument fid with the input ../../../et...
Kotchasan Online Accounting System
6.1
CVSSv3
CVE-2023-4771
A cross-site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and previous versions. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.
Cksource Ckeditor
1 Github repository
6.1
CVSSv3
CVE-2023-37905
ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17...
Ckeditor-wordcount-plugin Project Ckeditor-wordcount-plugin
5.4
CVSSv3
CVE-2023-36477
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents...
Xwiki Xwiki 15.0
Xwiki Xwiki
Xwiki Ckeditor Integration
9.8
CVSSv3
CVE-2023-31541
An unrestricted file upload vulnerability exists in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
Ckeditor Ckeditor 1.2.3
8.8
CVSSv3
CVE-2023-29209
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full acces...
Xwiki Xwiki