Lucene search

K

Veracode Vulnerability DatabaseVERACODE:40031

HistoryApr 04, 2023 - 9:19 a.m.

Cross-Site Scripting (XSS)

2023-04-0409:19:12

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

18

ckeditor4

cross-site scripting

javascript injection

content security policy

0.003 Low

EPSS

Percentile

71.5%

ckeditor4 is vulnerable to Cross-Site Scripting (XSS) attacks. A web page with missing Content Security Policy configuration, initializing the editor on an element other than `` as a base, allows an attacker to inject and execute malicious javascript on victim’s browser.

CPENameOperatorVersion
ckeditor4le4.20.2
ckeditor4le4.20.2
ckeditor:sideq4.12.1+dfsg-1
ckeditor4le4.20.2
ckeditor4le4.20.2
ckeditor:sideq4.12.1+dfsg-1

References

ckeditor.com/cke4/addon/embed

ckeditor.com/cke4/addon/iframe

github.com/ckeditor/ckeditor4/commit/d25cd86f87a72bfcaec4da1b6c7aea59f3ad0e16

github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g

lists.fedoraproject.org/archives/list/[email protected]/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/

lists.fedoraproject.org/archives/list/[email protected]/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/

lists.fedoraproject.org/archives/list/[email protected]/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/

0.003 Low

EPSS

Percentile

71.5%

Related for VERACODE:40031

fedora3 cvelist1 cve1 openvas5 ubuntucve1 nessus5 nvd1 osv1 huntr1 prion1 debiancve1 oracle3