CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability.

CKEDITOR.plugins.add("wordcount",

lang: "ar,bg,ca,cs,da,de,el,en,es,eu,fa,fi,fr,he,hr,hu,it,ka,ko,ja,nl,no,pl,pt,pt-br,ru,sk,sv,tr,uk,zh-cn,zh,ro", // %REMOVE\_LINE\_CORE%

requires: "htmlwriter,notification,undo",

bbcodePluginLoaded: false,

// Parse filtered HTML, without applying it to any element in DOM

var tmp \= new DOMParser().parseFromString(html, 'text/html');

Headline

CVE-2023-37905: [FIXED] xss issue · w8tcha/CKEditor-WordCount-Plugin@0f03b3e

CVE: Latest News