Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ckeditor ckeditor vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2011-4972
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote malicious users to read private files via a direct request.
Ckeditor Ckeditor 7.x-1.4
383
VMScore
CVE-2015-9349
The ckeditor-for-wordpress plugin prior to 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.
Cksource Ckeditor
668
VMScore
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin prior to 2019-03-14 for CKEditor mishandles SCRIPT elements.
Oembed Project Oembed
383
VMScore
CVE-2018-17960
CKEditor 4.x prior to 4.11.0 allows user-assisted XSS involving a source-mode paste.
Ckeditor Ckeditor
383
VMScore
CVE-2018-11093
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 prior to 10.0.1 allows remote malicious users to inject arbitrary web script through a crafted href attribute of a link (A) element.
Ckeditor Ckeditor 5-link
383
VMScore
CVE-2018-9861
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 up to and including 4.9.1; fixed in 4.9.2), as used in Drupal 8 prior to 8.4.7 and 8.5.x prior to 8.5.2 and other products, allows remote malicious users to inject ...
Ckeditor Enhanced Image
Drupal Drupal
445
VMScore
CVE-2016-9182
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can us...
Exponentcms Exponent Cms 2.4.0
383
VMScore
CVE-2014-5191
Cross-site scripting (XSS) vulnerability in the Preview plugin prior to 4.4.3 in CKEditor allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Ckeditor Ckeditor 4.4.1
Ckeditor Ckeditor
Ckeditor Ckeditor 4.4.0
383
VMScore
CVE-2014-4037
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor prior to 2.6.11 and previous versions allows remote malicious users to inject arbitrary web script or HTML via an array key in the textinputs[] par...
Ckeditor Fckeditor
383
VMScore
CVE-2012-2066
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x prior to 6.x-2.3 and the CKEditor module 6.x-1.x prior to 6.x-1.9 and 7.x-1.x prior to 7.x-1.7 for Drupal allows remote authenticated users or remote malicious users to inject arbitrary web script or HTML vi...
Ckeditor Fckeditor 6.x-2.3
Ckeditor Fckeditor 6.x-2.0
Ckeditor Fckeditor 6.x-1.3
Ckeditor Fckeditor 6.x-1.1
Ckeditor Fckeditor 6.x-2.2
Ckeditor Fckeditor 6.x-1.4
Ckeditor Fckeditor 6.x-1.x
Ckeditor Fckeditor 6.x-2.1
Ckeditor Fckeditor 6.x-2.x
Ckeditor Fckeditor 6.x-1.2-1
Ckeditor Fckeditor 6.x-1.2
Ckeditor Ckeditor 6.x-1.5
Ckeditor Ckeditor 6.x-1.4
Ckeditor Ckeditor 7.x-1.6
Ckeditor Ckeditor 7.x-1.5
Ckeditor Ckeditor 7.x-1.0
Ckeditor Ckeditor 6.x-1.3
Ckeditor Ckeditor 6.x-1.2
Ckeditor Ckeditor 7.x-1.4
Ckeditor Ckeditor 7.x-1.3
Ckeditor Ckeditor 6.x-1.1
Ckeditor Ckeditor 6.x-1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »