Advisories for Npm/Ckeditor4-Dev package

2024

Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability

A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the GeSHi syntax highlighter library hosted by the victim. The GeSHi library was included as a vendor dependency in CKEditor 4 source files. In a specific scenario, an attacker could craft a malicious script that could be executed by sending a request to the GeSHi …

2022