CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)

2023-04-0500:00:00

Manish Pathak

www.exploit-db.com

129

ckeditor 5

xss

vulnerability

arbitrary script execution

security docs

html embed

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

42.1%

JSON

# Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
# Google Dork: N/A
# Date: February 09, 2023
# Exploit Author: Manish Pathak
# Vendor Homepage: https://cksource.com/
# Software Link: https://ckeditor.com/ckeditor-5/download/
# Version: 35.4.0
# Tested on: Linux / Web
# CVE : CVE-2022-48110



CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via Full Featured CKEditor5 Widget as the editor fails to sanitize user provided data.

An attacker can execute arbitrary script in the browser in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 

CKEditor5 version 35.4.0 is tested & found to be vulnerable.

Documentation avaiable at https://ckeditor.com/docs/ckeditor5/latest/features/html-embed.html#security

Security Docs Says """The HTML embed feature does not currently execute code in <script> tags. However, it will execute code in the on* and src="javascript:..." attributes."""



Payload:

<div class="raw-html-embed">
    <script>alert(456)</script>
</div>