Headline
GHSA-hxjc-9j8v-v9pr: CKEditor Cross-site Scripting vulnerability
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user’s information.
CKEditor Cross-site Scripting vulnerability
Moderate severity GitHub Reviewed Published Nov 16, 2023 to the GitHub Advisory Database • Updated Nov 16, 2023
Related news
CVE-2023-4771: Cross-Site Scripting vulnerability in CKSource CKEditor
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.