Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40ckeditor/ckeditor5-html-support@47.0.0-alpha.9
Typenpm
Namespace@ckeditor
Nameckeditor5-html-support
Version47.0.0-alpha.9
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version47.6.0
Latest_non_vulnerable_version47.6.0
Affected_by_vulnerabilities
0
url VCID-dc1k-hva1-pkbs
vulnerability_id VCID-dc1k-hva1-pkbs
summary 
CKEditor 5 has Cross-site Scripting (XSS) in the HTML Support package
### Impact
A Cross-Site Scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support configuration.

This vulnerability affects only installations where the editor configuration meets the following criteria:

* [General HTML Support](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html) is enabled,
* General HTML Support configuration allows inserting unsafe markup (see [Security](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html#security) section to learn more).

### Patches
The problem has been recognized and patched. The fix will be available in version 47.6.0 (and above).

### Workarounds
CKEditor 5 recommends configuring General HTML Support securely to ensure that unsafe content is not accepted. Please refer to the [Security](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html#security) section for detailed guidance.

### Credits
CKEditor 5 would like to thank: 
- Emilio Kevin
- Jeongwoo Lee, Younsoung Kim, Minseok Kim and Jinyeong Kim from ENKI Whitehat

for responsibly reporting this vulnerability.

### For more information
Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28343
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11151
published_at 2026-04-04T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.11088
published_at 2026-04-02T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.12953
published_at 2026-04-21T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.12852
published_at 2026-04-16T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.12952
published_at 2026-04-13T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.12939
published_at 2026-04-07T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.12854
published_at 2026-04-18T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.12998
published_at 2026-04-12T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13037
published_at 2026-04-11T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13068
published_at 2026-04-09T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13018
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28343
1
reference_url https://github.com/ckeditor/ckeditor5
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor5
2
reference_url https://github.com/ckeditor/ckeditor5/releases/tag/v29.0.0
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:56:09Z/
url https://github.com/ckeditor/ckeditor5/releases/tag/v29.0.0
3
reference_url https://github.com/ckeditor/ckeditor5/releases/tag/v47.6.0
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:56:09Z/
url https://github.com/ckeditor/ckeditor5/releases/tag/v47.6.0
4
reference_url https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-jrqm-vmqc-gm93
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:56:09Z/
url https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-jrqm-vmqc-gm93
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28343
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28343
6
reference_url https://github.com/advisories/GHSA-jrqm-vmqc-gm93
reference_id GHSA-jrqm-vmqc-gm93
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jrqm-vmqc-gm93
fixed_packages
0
url pkg:npm/%40ckeditor/ckeditor5-html-support@47.6.0
purl pkg:npm/%40ckeditor/ckeditor5-html-support@47.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-html-support@47.6.0
aliases CVE-2026-28343, GHSA-jrqm-vmqc-gm93
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc1k-hva1-pkbs
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540ckeditor/ckeditor5-html-support@47.0.0-alpha.9