Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ckeditor ckeditor vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2022-24977
ImpressCMS prior to 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP install...
Impresscms Impresscms
668
VMScore
CVE-2019-19502
Code injection in pluginconfig.php in Image Uploader and Browser for CKEditor prior to 4.1.9 allows remote authenticated users to execute arbitrary PHP code.
Maleck Image Uploader And Browser For Ckeditor
668
VMScore
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin prior to 2019-03-14 for CKEditor mishandles SCRIPT elements.
Oembed Project Oembed
605
VMScore
CVE-2012-2067
Unspecified vulnerability in the CKeditor module 6.x-2.x prior to 6.x-2.3 and the CKEditor module 6.x-1.x prior to 6.x-1.9 and 7.x-1.x prior to 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote malicious users to execute arbitrar...
Ckeditor Fckeditor 6.x-2.1
Ckeditor Fckeditor 6.x-2.0
Ckeditor Fckeditor 6.x-1.4
Ckeditor Fckeditor 6.x-1.3
Ckeditor Fckeditor 6.x-1.2
Ckeditor Fckeditor 6.x-1.1
Ckeditor Fckeditor 6.x-2.3
Ckeditor Fckeditor 6.x-2.x
Ckeditor Fckeditor 6.x-1.2-1
Ckeditor Fckeditor 6.x-2.2
Ckeditor Fckeditor 6.x-1.x
Ckeditor Ckeditor 6.x-1.7
Ckeditor Ckeditor 6.x-1.6
Ckeditor Ckeditor 6.x-1.x
Ckeditor Ckeditor 6.x-1.0
Ckeditor Ckeditor 7.x-1.0
Ckeditor Ckeditor 7.x-1.x
Ckeditor Ckeditor 6.x-1.5
Ckeditor Ckeditor 6.x-1.4
Ckeditor Ckeditor 7.x-1.6
Ckeditor Ckeditor 7.x-1.5
Ckeditor Ckeditor 6.x-1.1
515
VMScore
CVE-2006-3362
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 up to and including 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and previous versions, (3) WeBid 0.5.4, and possibly other products, when install...
Geeklog Geeklog 1.4.0 Sr3
Toenda Software Development Toendacms 0.6.1
Geeklog Geeklog 1.4.0 Sr1
Geeklog Geeklog 1.4.0 Sr2
Geeklog Geeklog 1.4.0
Toenda Software Development Toendacms 1.0
Toenda Software Development Toendacms 0.6.2
Toenda Software Development Toendacms 0.7
1 EDB exploit
445
VMScore
CVE-2022-24729
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop r...
Ckeditor Ckeditor
Drupal Drupal
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Commerce Merchandising 11.3.2
Oracle Financial Services Trade-based Anti Money Laundering 8.0.7
Oracle Financial Services Trade-based Anti Money Laundering 8.0.8
Fedoraproject Fedora 36
Oracle Financial Services Analytical Applications Infrastructure 8.1.2.0
Oracle Financial Services Analytical Applications Infrastructure 8.1.1.0
Oracle Application Express
Oracle Financial Services Analytical Applications Infrastructure 8.1.2.1
Oracle Financial Services Behavior Detection Platform
Oracle Financial Services Analytical Applications Infrastructure
Oracle Financial Services Behavior Detection Platform 8.0.8.0
Oracle Financial Services Behavior Detection Platform 8.0.7.0
Fedoraproject Fedora 37
445
VMScore
CVE-2011-4972
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote malicious users to read private files via a direct request.
Ckeditor Ckeditor 7.x-1.4
445
VMScore
CVE-2016-9182
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can us...
Exponentcms Exponent Cms 2.4.0
435
VMScore
CVE-2012-4000
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and previous versions allows remote malicious users to inject arbitrary web script or HTML via textinput...
Ckeditor Fckeditor 2.6.3
Ckeditor Fckeditor 2.5
Ckeditor Fckeditor 2.4.3
Ckeditor Fckeditor 2.3
Ckeditor Fckeditor 2.0
Ckeditor Fckeditor 1.2.2
Ckeditor Fckeditor 1.2
Ckeditor Fckeditor 0.9.4
Ckeditor Fckeditor 0.9.3
Ckeditor Fckeditor
Ckeditor Fckeditor 2.6.5
Ckeditor Fckeditor 2.6
Ckeditor Fckeditor 2.4
Ckeditor Fckeditor 2.3.3
Ckeditor Fckeditor 2.1
Ckeditor Fckeditor 1.4
Ckeditor Fckeditor 1.3.1
Ckeditor Fckeditor 1.0
Ckeditor Fckeditor 0.8.5
Ckeditor Fckeditor 0.8
Ckeditor Fckeditor 2.6.4
Ckeditor Fckeditor 2.6.4.1
1 EDB exploit
384
VMScore
CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 prior to 4.14 allows remote malicious users to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Ckeditor Ckeditor
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Drupal Drupal
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 11.1.1.9.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Agile Plm 9.3.5
Oracle Agile Plm 9.3.6
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Webcenter Portal 12.2.1.4.0
Oracle Application Express
Oracle Jd Edwards Enterpriseone Tools
Oracle Siebel Apps - Customer Order Management
Oracle Peoplesoft Enterprise Peopletools -
Oracle Banking Enterprise Default Management 2.12.0
Oracle Banking Enterprise Default Management 2.10.0
Oracle Banking Enterprise Default Managment
Oracle Banking Enterprise Default Management 2.7.0
Oracle Banking Enterprise Default Management 2.7.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »