← Back

Ckeditor

ckeditor

34 CVEs • 15 products

Products (15)

Click to collapse
Toggle
Ckeditor
ckeditor
24 CVEs
Fckeditor
fckeditor
4 CVEs
Ckeditor5
ckeditor5
4 CVEs
Ckeditor5 Markdown Gfm
ckeditor5-markdown-gfm
2 CVEs
Enhanced Image
enhanced_image
1 CVE
Ckeditor 5 Link
ckeditor_5-link
1 CVE
Ckeditor5 Engine
ckeditor5-engine
1 CVE
Ckeditor5 Font
ckeditor5-font
1 CVE
Ckeditor5 Image
ckeditor5-image
1 CVE
Ckeditor5 List
ckeditor5-list
1 CVE
Ckeditor5 Media Embed
ckeditor5-media-embed
1 CVE
Ckeditor5 Paste From Office
ckeditor5-paste-from-office
1 CVE
Ckeditor5 Widget
ckeditor5-widget
1 CVE
Ckeditor5 Html Embed
ckeditor5-html-embed
1 CVE
Ckeditor5 Html Support
ckeditor5-html-support
1 CVE

CVEs (34)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-26272
2Ckeditor
Oracle
10Agile Plm
Application ExpressBanking Party Management+7 more
Nov 21, 2024
Jan 26, 2021
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
CVE-2021-26271
2Ckeditor
Oracle
7Agile Plm
Application ExpressCkeditor+4 more
Nov 21, 2024
Jan 26, 2021
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
CVE-2020-27193
2Ckeditor
Oracle
9Agile Plm
Application ExpressBanking Party Management+6 more
Nov 21, 2024
Nov 12, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor...Show more
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.Show less
CVE-2020-9440
3Ckeditor
FedoraprojectWebspellchecker
3Ckeditor
FedoraWebspellchecker
Nov 21, 2024
Mar 10, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor...Show more
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.Show less
CVE-2020-9281
4Ckeditor
DrupalFedoraproject+1 more
11Agile Plm
Application ExpressBanking Enterprise Default Management+8 more
Nov 21, 2024
Mar 7, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected synt...Show more
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).Show less
CVE-2011-4972
1Ckeditor
1Ckeditor
Nov 21, 2024
Nov 13, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request.
CVE-2018-17960
1Ckeditor
1Ckeditor
Nov 21, 2024
Nov 14, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVE-2018-11093
1Ckeditor
1Ckeditor 5 Link
Nov 21, 2024
May 22, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.
CVE-2018-9861
2Ckeditor
Drupal
2Drupal
Enhanced Image
Nov 21, 2024
Apr 19, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other produc...Show more
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.Show less
CVE-2014-5191
1Ckeditor
1Ckeditor
May 6, 2026
Aug 7, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4037
1Ckeditor
1Fckeditor
May 6, 2026
Jun 11, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTM...Show more
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000.Show less
CVE-2012-2067
1Ckeditor
2Ckeditor
Fckeditor
Apr 29, 2026
Sep 5, 2012
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticat...Show more
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information.Show less
CVE-2012-2066
1Ckeditor
2Ckeditor
Fckeditor
Apr 29, 2026
Sep 5, 2012
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote att...Show more
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2012-4000
1Ckeditor
1Fckeditor
Apr 29, 2026
Jul 12, 2012
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to injec...Show more
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.Show less