6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
35.3%
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
blog.sonarsource.com/civicrm-code-execution-vulnerability-chain-explained/
civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form