Search CVE reports


Toggle filters

1 – 10 of 16 results


CVE-2024-45613

Medium priority
Needs evaluation

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-43411

Negligible priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-43407

Medium priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-24816

Medium priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature....

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-24815

Medium priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-4771

Medium priority
Needs evaluation

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-28439

Medium priority
Needs evaluation

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-48110

Medium priority
Ignored

** DISPUTED ** CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Not affected Not affected Not affected Not affected Not affected
ckeditor3 Not affected Not affected Not affected Not affected Ignored
ldap-account-manager Not affected Not affected Not affected Not affected Not affected
request-tracker4 Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-22457

Medium priority
Needs evaluation

CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to versions 1.64.3,t he `CKEditor.HTMLConverter` document lacked a protection against Cross-Site Request Forgery (CSRF), allowing to execute macros...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-31175

Medium priority
Needs evaluation

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5's packages in versions prior to 35.0.1. The vulnerability allowed to trigger a JavaScript...

4 affected packages

ckeditor, ckeditor3, ldap-account-manager, request-tracker4

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ckeditor Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages