Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ckeditor ckeditor vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-42116
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 up to and including 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote malicious users to inject arbitrary web scri...
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2020-13669
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows malicious user to inject XSS. This issue affects: Drupal Core 8.8.x versions before 8.8.10.; 8.9.x versions before 8.9.6; 9.0.x versions before 9.0.6.
Drupal Drupal
6.1
CVSSv3
CVE-2021-33829
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 up to and including 4.16.x prior to 4.16.1 allows remote malicious users to inject executable JavaScript code through a crafted comment because --!> is mishandled.
Ckeditor Ckeditor
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Drupal Drupal
Debian Debian Linux 9.0
6.1
CVSSv3
CVE-2020-27193
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote malicious users to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
Ckeditor Ckeditor 4.15.0
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Application Express
Oracle Banking Party Management 2.7.0
Oracle Banking Platform 2.4.0
Oracle Banking Platform 2.7.0
Oracle Banking Platform 2.7.1
Oracle Banking Platform 2.8.0
Oracle Banking Platform 2.9.0
Oracle Commerce Merchandising 11.0.0
Oracle Commerce Merchandising 11.1.0
Oracle Commerce Merchandising 11.2.0
Oracle Commerce Merchandising 11.3.0
Oracle Commerce Merchandising 11.3.1
Oracle Commerce Merchandising 11.3.2
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Analytical Applications Infrastructure 8.1.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1
Oracle Jd Edwards Enterpriseone Tools
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Peoplesoft Enterprise Peopletools 8.57
6.1
CVSSv3
CVE-2020-9440
A cross-site scripting (XSS) vulnerability in the WSC plugin up to and including 5.5.7.5 for CKEditor 4 allows remote malicious users to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.
Ckeditor Ckeditor 4.0
Webspellchecker Webspellchecker
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
6.1
CVSSv3
CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 prior to 4.14 allows remote malicious users to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Ckeditor Ckeditor
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Drupal Drupal
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 11.1.1.9.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Webcenter Portal 12.2.1.4.0
Oracle Application Express
Oracle Jd Edwards Enterpriseone Tools
Oracle Siebel Apps - Customer Order Management
Oracle Peoplesoft Enterprise Peopletools -
Oracle Banking Enterprise Default Management 2.12.0
Oracle Banking Enterprise Default Management 2.10.0
Oracle Banking Enterprise Default Managment
Oracle Banking Enterprise Default Management 2.7.0
Oracle Banking Enterprise Default Management 2.7.1
6.1
CVSSv3
CVE-2015-9349
The ckeditor-for-wordpress plugin prior to 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.
Cksource Ckeditor
6.1
CVSSv3
CVE-2018-17960
CKEditor 4.x prior to 4.11.0 allows user-assisted XSS involving a source-mode paste.
Ckeditor Ckeditor
6.1
CVSSv3
CVE-2018-11093
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 prior to 10.0.1 allows remote malicious users to inject arbitrary web script through a crafted href attribute of a link (A) element.
Ckeditor Ckeditor 5-link
6.1
CVSSv3
CVE-2018-9861
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 up to and including 4.9.1; fixed in 4.9.2), as used in Drupal 8 prior to 8.4.7 and 8.5.x prior to 8.5.2 and other products, allows remote malicious users to inject ...
Ckeditor Enhanced Image
Drupal Drupal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »