Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ckeditor ckeditor vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-9349
The ckeditor-for-wordpress plugin prior to 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.
Cksource Ckeditor
9.8
CVSSv3
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin prior to 2019-03-14 for CKEditor mishandles SCRIPT elements.
Oembed Project Oembed
6.1
CVSSv3
CVE-2018-17960
CKEditor 4.x prior to 4.11.0 allows user-assisted XSS involving a source-mode paste.
Ckeditor Ckeditor
6.1
CVSSv3
CVE-2018-11093
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 prior to 10.0.1 allows remote malicious users to inject arbitrary web script through a crafted href attribute of a link (A) element.
Ckeditor Ckeditor 5-link
6.1
CVSSv3
CVE-2018-9861
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 up to and including 4.9.1; fixed in 4.9.2), as used in Drupal 8 prior to 8.4.7 and 8.5.x prior to 8.5.2 and other products, allows remote malicious users to inject ...
Ckeditor Enhanced Image
Drupal Drupal
7.5
CVSSv3
CVE-2016-9182
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can us...
Exponentcms Exponent Cms 2.4.0
NA
CVE-2014-5191
Cross-site scripting (XSS) vulnerability in the Preview plugin prior to 4.4.3 in CKEditor allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ckeditor Ckeditor 4.4.1
Ckeditor Ckeditor
Ckeditor Ckeditor 4.4.0
NA
CVE-2014-4037
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor prior to 2.6.11 and previous versions allows remote malicious users to inject arbitrary web script or HTML via an array key in the textinputs[] par...
Ckeditor Fckeditor
NA
CVE-2012-2067
Unspecified vulnerability in the CKeditor module 6.x-2.x prior to 6.x-2.3 and the CKEditor module 6.x-1.x prior to 6.x-1.9 and 7.x-1.x prior to 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote malicious users to execute arbitrar...
Ckeditor Fckeditor 6.x-2.1
Ckeditor Fckeditor 6.x-2.0
Ckeditor Fckeditor 6.x-1.4
Ckeditor Fckeditor 6.x-1.3
Ckeditor Fckeditor 6.x-1.2
Ckeditor Fckeditor 6.x-1.1
Ckeditor Fckeditor 6.x-2.3
Ckeditor Fckeditor 6.x-2.x
Ckeditor Fckeditor 6.x-1.2-1
Ckeditor Fckeditor 6.x-2.2
Ckeditor Fckeditor 6.x-1.x
Ckeditor Ckeditor 6.x-1.7
Ckeditor Ckeditor 6.x-1.6
Ckeditor Ckeditor 6.x-1.x
Ckeditor Ckeditor 6.x-1.0
Ckeditor Ckeditor 7.x-1.0
Ckeditor Ckeditor 7.x-1.x
Ckeditor Ckeditor 6.x-1.5
Ckeditor Ckeditor 6.x-1.4
Ckeditor Ckeditor 7.x-1.6
Ckeditor Ckeditor 7.x-1.5
Ckeditor Ckeditor 6.x-1.1
NA
CVE-2012-2066
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x prior to 6.x-2.3 and the CKEditor module 6.x-1.x prior to 6.x-1.9 and 7.x-1.x prior to 7.x-1.7 for Drupal allows remote authenticated users or remote malicious users to inject arbitrary web script or HTML vi...
Ckeditor Fckeditor 6.x-2.3
Ckeditor Fckeditor 6.x-2.0
Ckeditor Fckeditor 6.x-1.3
Ckeditor Fckeditor 6.x-1.1
Ckeditor Fckeditor 6.x-2.2
Ckeditor Fckeditor 6.x-1.4
Ckeditor Fckeditor 6.x-1.x
Ckeditor Fckeditor 6.x-2.1
Ckeditor Fckeditor 6.x-2.x
Ckeditor Fckeditor 6.x-1.2-1
Ckeditor Fckeditor 6.x-1.2
Ckeditor Ckeditor 6.x-1.5
Ckeditor Ckeditor 6.x-1.4
Ckeditor Ckeditor 7.x-1.6
Ckeditor Ckeditor 7.x-1.5
Ckeditor Ckeditor 7.x-1.0
Ckeditor Ckeditor 6.x-1.3
Ckeditor Ckeditor 6.x-1.2
Ckeditor Ckeditor 7.x-1.4
Ckeditor Ckeditor 7.x-1.3
Ckeditor Ckeditor 6.x-1.1
Ckeditor Ckeditor 6.x-1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »