Cksource

cksource

8 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Ckeditor 5 Premium Features

ckeditor_5_premium_features

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-13980 1Cksource 1Ckeditor 5 Premium Features Feb 12, 2026 Jan 28, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3....Show more Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.Show less
CVE-2016-20023 1Cksource 1Ckfinder Dec 17, 2025 Dec 5, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided.
CVE-2025-63830 1Cksource 1Ckfinder Nov 19, 2025 Nov 14, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
CVE-2024-13245 1Cksource 1Ckeditor 4 Jul 7, 2025 Jan 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSI...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1.Show less
CVE-2023-4771 1Cksource 1Ckeditor Nov 21, 2024 Nov 16, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrie...Show more A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.Show less
CVE-2019-15891 1Cksource 1Ckfinder Jun 17, 2026 Sep 26, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing pro...Show more An issue was discovered in CKFinder through 2.6.2.1 and 3.x through 3.5.0. The documentation has misleading information that could lead to a conclusion that the application has a built-in bulletproof content sniffing protection.Show less
CVE-2019-15862 1Cksource 1Ckfinder Jun 17, 2026 Sep 26, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined...Show more An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allows remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP.Show less
CVE-2015-9349 1Cksource 1Ckeditor Nov 21, 2024 Aug 27, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.