Known Vulnerabilities for products from Ckeditor
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Ckeditor".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24729 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-16 | 2023-11-07 |
| CVE-2022-24728 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-16 | 2023-11-07 |
| CVE-2021-41165 | CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML pro... | 5.4 - MEDIUM | 2021-11-17 | 2022-10-05 |
| CVE-2021-41164 | CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Con... | 5.4 - MEDIUM | 2021-11-17 | 2023-11-07 |
| CVE-2021-37695 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CK... | 5.4 - MEDIUM | 2021-08-13 | 2023-11-07 |
| CVE-2021-33829 | A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allow... | 6.1 - MEDIUM | 2021-06-09 | 2023-11-07 |
| CVE-2021-32809 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CK... | 5.4 - MEDIUM | 2021-08-12 | 2023-11-07 |
| CVE-2021-32808 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboar... | 5.4 - MEDIUM | 2021-08-12 | 2023-11-07 |
| CVE-2021-26272 | It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like... | 6.5 - MEDIUM | 2021-01-26 | 2022-03-01 |
| CVE-2021-26271 | It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text int... | 6.5 - MEDIUM | 2021-01-26 | 2021-12-01 |
| CVE-2021-21391 | CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font... | 6.5 - MEDIUM | 2021-04-29 | 2023-11-07 |
| CVE-2021-21254 | CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckedito... | 6.5 - MEDIUM | 2021-01-29 | 2023-11-07 |
| CVE-2020-27193 | A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbi... | 6.1 - MEDIUM | 2020-11-12 | 2021-12-02 |
| CVE-2020-9440 | A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run ar... | 6.1 - MEDIUM | 2020-03-10 | 2023-11-07 |
| CVE-2020-9281 | A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to... | 6.1 - MEDIUM | 2020-03-07 | 2023-11-07 |
| CVE-2018-17960 | CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | 6.1 - MEDIUM | 2018-11-14 | 2019-07-17 |
| CVE-2018-11093 | Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject a... | 6.1 - MEDIUM | 2018-05-22 | 2019-10-30 |
| CVE-2018-9861 | Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4... | 6.1 - MEDIUM | 2018-04-19 | 2019-07-18 |
| CVE-2014-5191 | Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arb... | 4.3 - MEDIUM | 2014-08-07 | 2015-09-08 |
| CVE-2014-4037 | Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FC... | 4.3 - MEDIUM | 2014-06-11 | 2015-08-28 |
Known software with vulnerabilities from Ckeditor
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Ckeditor | Ckeditor | 4.0 |
| Application | Ckeditor | Ckeditor 5 | 10.0.1 |
| Application | Ckeditor | Ckeditor 5-link | 0.1.0 |
| Application | Ckeditor | Enhanced Image | 4.0.0 |
| Application | Ckeditor | Fckeditor | 2.6.10 |