Headline
CVE-2023-4771: Cross-Site Scripting vulnerability in CKSource CKEditor
A cross-site scripting (XSS) vulnerability has been found in CKSource CKEditor, affecting versions 4.15.1 and earlier. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.
Affected Resources
- CKEditor, version 4.15.1 and earlier.
Description
INCIBE has coordinated the publication of one vulnerability affecting CKEditor, an open source text editor that provides word processing functions on web pages. The vulnerability was discovered by Rafael Pedrero.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:
- CVE-2023-4771: CVSS v3.1: 6.1 | CVSS: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-79.
Solution
There is no reported solution at this time.
Detail
- CVE-2023-4771: a cross-site scripting vulnerability has been found in CKSource CKEditor, affecting versions 4.15.1 and earlier. An attacker could send malicious JavaScript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.
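With no fix reported, a practical first step is to inventory where the affected sample page is deployed. The following is an added example, not part of the advisory or of CKEditor's code: it walks a web root for CKEditor copies that still contain `samples/old/ajax.html` and compares the release string in `ckeditor.js` with 4.15.1. The `version:"x.y.z"` pattern in `ckeditor.js`, the function names and the demo tree are assumptions made for illustration.

```python
import os
import re
import tempfile

SAMPLE_REL = os.path.join("samples", "old", "ajax.html")  # file named in the advisory
LAST_AFFECTED = (4, 15, 1)  # advisory: "4.15.1 and earlier"
# Assumption: ckeditor.js carries its release as version:"x.y.z"
VERSION_RE = re.compile(r'version\s*:\s*"(\d+)\.(\d+)\.(\d+)"')


def read_version(ckeditor_js):
    """Return (major, minor, patch) parsed from ckeditor.js, or None."""
    try:
        with open(ckeditor_js, encoding="utf-8", errors="replace") as fh:
            match = VERSION_RE.search(fh.read())
    except OSError:
        return None
    return tuple(map(int, match.groups())) if match else None


def find_sample_pages(webroot):
    """Report CKEditor copies under webroot that still ship the sample page."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        sample = os.path.join(dirpath, SAMPLE_REL)
        if "ckeditor.js" not in files or not os.path.isfile(sample):
            continue
        version = read_version(os.path.join(dirpath, "ckeditor.js"))
        affected = version is None or version <= LAST_AFFECTED  # unknown: flag for review
        findings.append({"sample": sample, "version": version, "affected": affected})
    return findings


def build_demo_tree(root):
    """Constructed sample data: three stand-in installs, not real CKEditor files."""
    for name, ver, with_sample in (("app1", "4.15.1", True),
                                   ("app2", "4.22.1", True),
                                   ("app3", "4.9.0", False)):
        base = os.path.join(root, name, "ckeditor")
        os.makedirs(os.path.join(base, "samples", "old"))
        with open(os.path.join(base, "ckeditor.js"), "w") as fh:
            fh.write('CKEDITOR={timestamp:"X",version:"%s"};' % ver)
        if with_sample:
            open(os.path.join(base, SAMPLE_REL), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        print(*find_sample_pages(tmp), sep="\n")
```

To check a real deployment, call `find_sample_pages()` with the document root of the web server instead of the constructed tree.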