CVE-2023-4771

CKEditor Cross-site Scripting vulnerability in npm/ckeditor4

Identifiers

GHSA-hxjc-9j8v-v9pr, CVE-2023-4771

Package Slug

npm/ckeditor4

Vulnerability

CKEditor Cross-site Scripting vulnerability

Description

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.

Affected Versions

All versions up to 4.15.1

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-11-17

source