pkg:npm/ckeditor4

All known vulnerabilities

• HIGH8.2CVE-2021-41165HTML comments vulnerability allowing to execute JavaScript code
  from 0, < 4.17.0
• HIGH8.2CVE-2021-41164Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
  from 0, < 4.17.0
• HIGH7.6CVE-2021-32808Widget feature vulnerability allowing to execute JavaScript code using undo functionality
  >= 4.13.0, < 4.16.2
• HIGH7.3CVE-2021-37695Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML.
  from 0, < 4.16.2
• MEDIUM6.5CVE-2021-26272Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
  from 0, < 4.16.0
• MEDIUM6.1CVE-2024-43407Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
  from 0, < 4.25.0
• MEDIUM6.1CVE-2023-4771CKEditor cross-site scripting vulnerability in AJAX sample
  from 0, < 4.24.0-lts
• MEDIUM6.1CVE-2024-24816CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
  from 0, < 4.24.0-lts
• MEDIUM6.1CVE-2024-24815CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
  from 0, < 4.24.0-lts
• MEDIUM6.1CVE-2020-27193Improper Neutralization of Input During Web Page Generation in CKEditor4
  from 0, < 4.15.1
• MEDIUM6.1CVE-2021-33829ckeditor4 vulnerable to cross-site scripting
  >= 4.14.0, < 4.16.1
• MEDIUM6.1CVE-2020-9281CKEditor 4.0 vulnerability in the HTML Data Processor
  from 0, < 4.14.0
• MEDIUM5.4CVE-2022-24728Cross-site Scripting in CKEditor4
  from 0, < 4.18.0
• MEDIUM4.6CVE-2021-32809Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
  >= 4.5.2, < 4.16.2
• LOW3.1CVE-2024-43411CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
  >= 4.22.0, < 4.25.0