Lucene search
Popcorn942F13C2B1-7EC0-49C2-B69B-5D80376AD904HistoryApr 18, 2023 - 2:37 p.m.
CKeditor 4.20.2 in use which is vulnerable to CVE-2023-28439
2023-04-1814:37:27
popcorn94
www.huntr.dev
187
ckeditor
version 4.20.2
cve-2023-28439
vulnerability
bug bounty
0.003 Low
EPSS
Percentile
71.5%
Description
CKeditor 4.20.2 in use which is vulnerable to CVE-2023-28439
Proof of Concept
1) Go to https://demo.limesurvey.org/tmp/assets/a89a2fb4/ckeditor.js and note that version:"4.20.2"
2) Go to https://github.com/LimeSurvey/LimeSurvey/blob/master/assets/packages/ckeditor/ckeditor.js to verify version
3) Go to https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g which indicate CVE-2023-28439 affects ckeditor < 4.21.0
Related
fedora
fedora
[SECURITY] Fedora 37 Update: ckeditor-4.22.1-1.fc37
2023-10-04 15:49:11
[SECURITY] Fedora 39 Update: ckeditor-4.22.1-1.fc39
2023-11-03 18:51:18
[SECURITY] Fedora 38 Update: ckeditor-4.22.1-1.fc38
2023-10-04 15:51:55
veracode
veracode
Cross-Site Scripting (XSS)
2023-04-04 09:19:12
cvelist
cvelist
cve
cve
CVE-2023-28439
2023-03-22 21:15:18
openvas
openvas
Fedora: Security Advisory for ckeditor (FEDORA-2023-426b3a500d)
2023-11-05 00:00:00
CKEditor 4.x < 4.21 XSS Vulnerability - Linux
2023-03-28 00:00:00
CKEditor 4.x < 4.21 XSS Vulnerability - Windows
2023-03-28 00:00:00
ubuntucve
ubuntucve
CVE-2023-28439
2023-03-22 00:00:00
nessus
nessus
Fedora 39 : ckeditor (2023-426b3a500d)
2023-11-07 00:00:00
Fedora 38 : ckeditor (2023-79b5902a52)
2023-10-04 00:00:00
Fedora 37 : ckeditor (2023-983ff03630)
2023-10-04 00:00:00
nvd
nvd
CVE-2023-28439
2023-03-22 21:15:18
osv
osv
CVE-2023-28439
2023-03-22 21:15:18
prion
prion
Cross site scripting
2023-03-22 21:15:00
debiancve
debiancve
CVE-2023-28439
2023-03-22 21:15:18
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00