CVE-2026-28343

< 47.6.0

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.

6.4MEDIUM

CVE-2025-61261

all versions

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary c

5.4MEDIUM

CVE-2024-45613

>= 40.0.0 and < 43.1.1

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS)

6.1MEDIUM

CVE-2024-43407

>= 4.0 and < 4.25.0

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4

6.1MEDIUM

CVE-2024-24816

>= 4.0 and < 4.24.0

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been

6.1MEDIUM

CVE-2024-24815

>= 4.0 and < 4.24.0

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in

6.1MEDIUM

CVE-2023-4771

<= 4.15.1

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could

6.1MEDIUM

CVE-2023-31541

all versions

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugi

9.8CRITICAL

CVE-2023-28439

>= 4.0 and < 4.21.0

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered aff

4.7MEDIUM

CVE-2022-48110

all versions

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 wi

6.1MEDIUM

CVE-2022-31175

< 35.0.1

CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKE

5.8MEDIUM

CVE-2022-24729

>= 4.0 and < 4.18.0

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability i

6.5MEDIUM

CVE-2022-24728

>= 4.0 and < 4.18.0

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML process

5.4MEDIUM

CVE-2021-41165

< 4.17.0

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processi

8.2HIGH

CVE-2021-41164

>= 4.0 and < 4.17.0

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content

8.2HIGH

CVE-2021-37695

< 4.16.2

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito

7.3HIGH

CVE-2021-32809

>= 4.5.2 and < 4.16.2

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito

4.6MEDIUM

CVE-2021-32808

>= 4.13.0 and < 4.16.2

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Wid

7.6HIGH

CVE-2021-33829

>= 4.14.0 and < 4.16.1

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows rem

6.1MEDIUM

CVE-2021-21391

< 27.0.0

CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, cke

6.5MEDIUM

CVE-2021-21254

< 25.0.0

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin (@ckeditor/cke

6.5MEDIUM

CVE-2021-26272

>= 4.0 and < 4.16

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text

6.5MEDIUM

CVE-2021-26271

>= 4.0 and < 4.16

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the

6.5MEDIUM

CVE-2020-27193

all versions

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary

6.1MEDIUM

CVE-2020-9440

all versions

A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitra

6.1MEDIUM

CVE-2020-9281

>= 4.0 and < 4.14

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inje

6.1MEDIUM

CVE-2011-4972

all versions

hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remo

7.5HIGH

CVE-2015-9349

< 4.5.3.1

The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.

6.1MEDIUM

CVE-2018-17960

>= 4.0 and < 4.11.0

CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.

6.1MEDIUM

CVE-2014-5191

<= 4.4.2

Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrar

CVE-2014-4037

<= 2.6.10

Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKedit

CVE-2012-2067

all versions

Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x

CVE-2012-2066

all versions

Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x

CVE-2012-4000

<= 2.6.7

Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/serve