Lucene search
PRIOn knowledge basePRION:CVE-2024-24816HistoryFeb 07, 2024 - 5:15 p.m.
Cross site scripting
2024-02-0717:15:00
PRIOn knowledge base
www.prio-n.com
9
cross-site scripting
html editor
vulnerability
misconfigured feature
javascript execution
production code
ckeditor 4
version 4.24.0-lts
integrators
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the preview feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.
Related
veracode
veracode
Cross Site Scripting (XSS)
2024-02-08 04:14:20
github
github
osv
osv
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
2024-02-07 17:31:34
CVE-2024-24816
2024-02-07 17:15:11
debiancve
debiancve
CVE-2024-24816
2024-02-07 17:15:11
nvd
nvd
CVE-2024-24816
2024-02-07 17:15:11
ubuntucve
ubuntucve
CVE-2024-24816
2024-02-07 00:00:00
cvelist
cvelist
cve
cve
CVE-2024-24816
2024-02-07 17:15:11
cnvd
cnvd
CKEditor cross-site scripting vulnerability (CNVD-2024-09867)
2024-02-22 00:00:00
nessus
nessus
CKEditor 4.x < 4.24.0-lts Multitple XSS
2024-02-09 00:00:00
openvas
openvas
CKEditor < 4.24.0-lts Multiple XSS Vulnerabilities - Windows
2023-11-20 00:00:00
CKEditor < 4.24.0-lts Multiple XSS Vulnerabilities - Linux
2023-11-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00