Lucene search

Manish Pathak1337DAY-ID-38494

HistoryApr 05, 2023 - 12:00 a.m.

CKEditor 5 35.4.0 - Cross-Site Scripting Vulnerability

2023-04-0500:00:00

Manish Pathak

0day.today

201

cksource

cross-site scripting

vulnerability

full featured

widget

sanitize

browser

authentication

credentials

documentation

html embed

script tag

EPSS

0.001

Percentile

42.1%

JSON

# Exploit Title: CKEditor 5 35.4.0 - Cross-Site Scripting (XSS)
# Exploit Author: Manish Pathak
# Vendor Homepage: https://cksource.com/
# Software Link: https://ckeditor.com/ckeditor-5/download/
# Version: 35.4.0
# Tested on: Linux / Web
# CVE : CVE-2022-48110



CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via Full Featured CKEditor5 Widget as the editor fails to sanitize user provided data.

An attacker can execute arbitrary script in the browser in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 

CKEditor5 version 35.4.0 is tested & found to be vulnerable.

Documentation avaiable at https://ckeditor.com/docs/ckeditor5/latest/features/html-embed.html#security

Security Docs Says """The HTML embed feature does not currently execute code in <script> tags. However, it will execute code in the on* and src="javascript:..." attributes."""



Payload:

<div class="raw-html-embed">
    <script>alert(456)</script>
</div>

EPSS

0.001

Percentile

42.1%

JSON

Related for 1337DAY-ID-38494