CVE-2018-17960
MEDIUM6.1EPSS 2.0%Ckeditor XSS Vulnerability
Published: 11/21/2018Modified: 4/28/2026
Description
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
Affected packages (5)
- Debian/ckeditorfrom 0, < 4.11.1+dfsg-1
- Debian/ckeditor3from 0
- npm/ckeditorfrom 0, < 4.11.0
- Packagist/typo3/cms>= 8.0.0, < 8.7.21
- Packagist/typo3/cms-core>= 8.0.0, < 8.7.21
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (10)
- ADVISORYhttps://github.com/advisories/GHSA-g68x-vvqq-pvw3
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-17960
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-17960
- WEBhttps://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released
- WEBhttps://ckeditor.com/cke4/release/CKEditor-4.11.0
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml
- WEBhttps://typo3.org/security/advisory/typo3-core-sa-2018-005
- WEBhttps://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205
- WEBhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html