Lucene search
GoogleOSV:GHSA-6P89-3P7C-QRHVHistoryFeb 13, 2023 - 9:31 p.m.
Cross-site scripting in CKEditor5
2023-02-1321:31:04
Google
osv.dev
10
cksource
ckeditor5
cross-site scripting
xss
vulnerability
documentation
integrator
security settings
default values
EPSS
0.001
Percentile
42.1%
CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget.
NOTE: the vendor’s position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator (who is adding CKEditor 5 functionality to a website) to choose the correct security settings for their use case. Also, safe default values are established (e.g., config.htmlEmbed.showPreviews is false).
Related
cvelist
cvelist
CVE-2022-48110
2023-02-13 00:00:00
openvas
openvas
CKEditor 5 <= 35.4.0 XSS Vulnerability
2023-02-14 00:00:00
nvd
nvd
CVE-2022-48110
2023-02-13 20:15:10
cve
cve
CVE-2022-48110
2023-02-13 20:15:10
exploitdb
exploitdb
CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
2023-04-05 00:00:00
zdt
zdt
CKSource CKEditor5 35.4.0 Cross Site Scripting Vulnerability
2023-02-13 00:00:00
CKEditor 5 35.4.0 - Cross-Site Scripting Vulnerability
2023-04-05 00:00:00
prion
prion
Cross site scripting
2023-02-13 20:15:00
packetstorm
packetstorm
CKSource CKEditor5 35.4.0 Cross Site Scripting
2023-02-09 00:00:00
ubuntucve
ubuntucve
CVE-2022-48110
2023-02-13 00:00:00
github
github
Cross-site scripting in CKEditor5
2023-02-13 21:31:04
ibm
ibm