Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/ckeditor4@4.0.0

Type npm

Namespace

Name ckeditor4

Version 4.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.25.0

Latest_non_vulnerable_version 4.25.0

Affected_by_vulnerabilities

url VCID-5ka8-rxmr-ubcu

vulnerability_id VCID-5ka8-rxmr-ubcu

summary A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9440

reference_id

reference_type

scores

value	0.00485
scoring_system	epss
scoring_elements	0.65359
published_at	2026-04-21T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65374
published_at	2026-04-18T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65244
published_at	2026-04-01T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65294
published_at	2026-04-02T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.6532
published_at	2026-04-04T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65284
published_at	2026-04-07T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65336
published_at	2026-04-08T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65348
published_at	2026-04-09T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65367
published_at	2026-04-11T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65354
published_at	2026-04-12T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65326
published_at	2026-04-13T12:55:00Z

value	0.00485
scoring_system	epss
scoring_elements	0.65363
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9440

reference_url	https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed
reference_id
reference_type
scores
url	https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:ckeditor:4.0:::::::*
reference_id	cpe:2.3:a:ckeditor:ckeditor:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ckeditor:ckeditor:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webspellchecker:webspellchecker::::::::
reference_id	cpe:2.3:a:webspellchecker:webspellchecker::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webspellchecker:webspellchecker::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9440

reference_id

CVE-2020-9440

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9440

fixed_packages

url pkg:npm/ckeditor4@4.13.0

purl pkg:npm/ckeditor4@4.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17pr-6guy-53ge

vulnerability	VCID-4x92-vapt-n7dz

vulnerability	VCID-8hvk-a5es-v3e4

vulnerability	VCID-c8r2-wpf3-47f9

vulnerability	VCID-cjwn-p59n-8ygs

vulnerability	VCID-h5zz-wz8f-2uf6

vulnerability	VCID-h8tt-ky69-fuch

vulnerability	VCID-k7qp-c6vp-sqbg

vulnerability	VCID-nj3a-eb59-jygs

vulnerability	VCID-sd2a-hmu2-wbax

vulnerability	VCID-un66-k85j-b7d2

vulnerability	VCID-uw7w-utew-ufb2

vulnerability	VCID-vc97-xds1-67gu

vulnerability	VCID-vj35-jtgq-8qbv

vulnerability	VCID-xhp7-kqdk-tfeu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.13.0

aliases CVE-2020-9440

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ka8-rxmr-ubcu

url VCID-8hvk-a5es-v3e4

vulnerability_id VCID-8hvk-a5es-v3e4

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41164

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22783
published_at	2026-04-01T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22811
published_at	2026-04-21T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22851
published_at	2026-04-18T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22857
published_at	2026-04-16T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22843
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.229
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22936
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22916
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22863
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22789
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22997
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22953
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/

reference_url

https://www.drupal.org/sa-core-2021-011

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-011

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id	999909
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909

reference_url

https://security.archlinux.org/AVG-2565

reference_id

AVG-2565

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2565

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-41164

reference_id

CVE-2021-41164

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41164

reference_url

https://github.com/advisories/GHSA-pvmx-g8h5-cprj

reference_id

GHSA-pvmx-g8h5-cprj

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pvmx-g8h5-cprj

reference_url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj

reference_id

GHSA-pvmx-g8h5-cprj

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj

fixed_packages

url pkg:npm/ckeditor4@4.17.0

purl pkg:npm/ckeditor4@4.17.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cjwn-p59n-8ygs

vulnerability	VCID-h8tt-ky69-fuch

vulnerability	VCID-k7qp-c6vp-sqbg

vulnerability	VCID-un66-k85j-b7d2

vulnerability	VCID-uw7w-utew-ufb2

vulnerability	VCID-vc97-xds1-67gu

vulnerability	VCID-xhp7-kqdk-tfeu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.17.0

aliases CVE-2021-41164, GHSA-pvmx-g8h5-cprj

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8hvk-a5es-v3e4

url VCID-c8r2-wpf3-47f9

vulnerability_id VCID-c8r2-wpf3-47f9

summary

CKEditor 4 ReDoS Vulnerability
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26271

reference_id

reference_type

scores

value	0.00617
scoring_system	epss
scoring_elements	0.69867
published_at	2026-04-01T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69964
published_at	2026-04-21T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69982
published_at	2026-04-18T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69972
published_at	2026-04-16T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69929
published_at	2026-04-13T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69943
published_at	2026-04-12T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69959
published_at	2026-04-11T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69935
published_at	2026-04-09T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69919
published_at	2026-04-08T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69871
published_at	2026-04-07T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69894
published_at	2026-04-04T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.69879
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26271

reference_url	https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
reference_id
reference_type
scores
url	https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-26271

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-26271

reference_url

https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
reference_id	982587
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587

reference_url

https://github.com/advisories/GHSA-jv4c-7jqq-m34x

reference_id

GHSA-jv4c-7jqq-m34x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jv4c-7jqq-m34x

fixed_packages

url pkg:npm/ckeditor4@4.16.0

purl pkg:npm/ckeditor4@4.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17pr-6guy-53ge

vulnerability	VCID-4x92-vapt-n7dz

vulnerability	VCID-8hvk-a5es-v3e4

vulnerability	VCID-cjwn-p59n-8ygs

vulnerability	VCID-h8tt-ky69-fuch

vulnerability	VCID-k7qp-c6vp-sqbg

vulnerability	VCID-s8u8-xbdk-87dj

vulnerability	VCID-sd2a-hmu2-wbax

vulnerability	VCID-un66-k85j-b7d2

vulnerability	VCID-uw7w-utew-ufb2

vulnerability	VCID-vc97-xds1-67gu

vulnerability	VCID-vj35-jtgq-8qbv

vulnerability	VCID-xhp7-kqdk-tfeu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.16.0

aliases CVE-2021-26271, GHSA-jv4c-7jqq-m34x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8r2-wpf3-47f9

url VCID-h5zz-wz8f-2uf6

vulnerability_id VCID-h5zz-wz8f-2uf6

summary

Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26272

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.65943
published_at	2026-04-01T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66056
published_at	2026-04-21T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66068
published_at	2026-04-18T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66054
published_at	2026-04-16T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66018
published_at	2026-04-13T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66049
published_at	2026-04-12T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66061
published_at	2026-04-11T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66042
published_at	2026-04-09T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.6603
published_at	2026-04-08T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.6598
published_at	2026-04-07T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66014
published_at	2026-04-04T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.65985
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26272

reference_url

https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-26272

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-26272

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
reference_id	982587
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587

reference_url

https://github.com/advisories/GHSA-wpvm-wqr4-p7cw

reference_id

GHSA-wpvm-wqr4-p7cw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wpvm-wqr4-p7cw

fixed_packages

url pkg:npm/ckeditor4@4.16.0

purl pkg:npm/ckeditor4@4.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17pr-6guy-53ge

vulnerability	VCID-4x92-vapt-n7dz

vulnerability	VCID-8hvk-a5es-v3e4

vulnerability	VCID-cjwn-p59n-8ygs

vulnerability	VCID-h8tt-ky69-fuch

vulnerability	VCID-k7qp-c6vp-sqbg

vulnerability	VCID-s8u8-xbdk-87dj

vulnerability	VCID-sd2a-hmu2-wbax

vulnerability	VCID-un66-k85j-b7d2

vulnerability	VCID-uw7w-utew-ufb2

vulnerability	VCID-vc97-xds1-67gu

vulnerability	VCID-vj35-jtgq-8qbv

vulnerability	VCID-xhp7-kqdk-tfeu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.16.0

aliases CVE-2021-26272, GHSA-wpvm-wqr4-p7cw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h5zz-wz8f-2uf6

url VCID-k7qp-c6vp-sqbg

vulnerability_id VCID-k7qp-c6vp-sqbg

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28439

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54139
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5411
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54166
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54115
published_at	2026-04-07T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58204
published_at	2026-04-21T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58221
published_at	2026-04-09T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58238
published_at	2026-04-11T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58214
published_at	2026-04-12T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58194
published_at	2026-04-13T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58226
published_at	2026-04-16T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58229
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28439

reference_url

https://ckeditor.com/cke4/addon/embed

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/

url

https://ckeditor.com/cke4/addon/embed

reference_url

https://ckeditor.com/cke4/addon/iframe

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/

url

https://ckeditor.com/cke4/addon/iframe

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034481
reference_id	1034481
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034481

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059301
reference_id	1059301
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059301

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-28439
reference_id	CVE-2023-28439
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-28439

reference_url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g

reference_id

GHSA-vh5c-xwqv-cv9g

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/

url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/

reference_id

GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/

reference_id

L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/

reference_url	https://usn.ubuntu.com/7258-1/
reference_id	USN-7258-1
reference_type
scores
url	https://usn.ubuntu.com/7258-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/

reference_id

VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/

fixed_packages

url pkg:npm/ckeditor4@4.21.0

purl pkg:npm/ckeditor4@4.21.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cjwn-p59n-8ygs

vulnerability	VCID-h8tt-ky69-fuch

vulnerability	VCID-uw7w-utew-ufb2

vulnerability	VCID-vc97-xds1-67gu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.21.0

aliases CVE-2023-28439, GHSA-vh5c-xwqv-cv9g

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k7qp-c6vp-sqbg

url VCID-nj3a-eb59-jygs

vulnerability_id VCID-nj3a-eb59-jygs

summary

CKEditor 4.0 vulnerability in the HTML Data Processor
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-9281

reference_id

reference_type

scores

value	0.01194
scoring_system	epss
scoring_elements	0.78808
published_at	2026-04-01T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78879
published_at	2026-04-21T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78883
published_at	2026-04-18T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78885
published_at	2026-04-16T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78857
published_at	2026-04-13T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78866
published_at	2026-04-12T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78882
published_at	2026-04-11T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78859
published_at	2026-04-09T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78853
published_at	2026-04-08T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78828
published_at	2026-04-07T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78844
published_at	2026-04-04T12:55:00Z

value	0.01194
scoring_system	epss
scoring_elements	0.78815
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-9281

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-9281

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-9281

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

https://github.com/advisories/GHSA-vcjf-mgcg-jxjq

reference_id

GHSA-vcjf-mgcg-jxjq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vcjf-mgcg-jxjq

reference_url	https://usn.ubuntu.com/5340-1/
reference_id	USN-5340-1
reference_type
scores
url	https://usn.ubuntu.com/5340-1/

reference_url	https://usn.ubuntu.com/USN-5340-2/
reference_id	USN-USN-5340-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5340-2/

fixed_packages

url pkg:npm/ckeditor4@4.14.0

purl pkg:npm/ckeditor4@4.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17pr-6guy-53ge

vulnerability	VCID-4x92-vapt-n7dz

vulnerability	VCID-8hvk-a5es-v3e4

vulnerability	VCID-c8r2-wpf3-47f9

vulnerability	VCID-cjwn-p59n-8ygs

vulnerability	VCID-h5zz-wz8f-2uf6

vulnerability	VCID-h8tt-ky69-fuch

vulnerability	VCID-k7qp-c6vp-sqbg

vulnerability	VCID-s8u8-xbdk-87dj

vulnerability	VCID-sd2a-hmu2-wbax

vulnerability	VCID-un66-k85j-b7d2

vulnerability	VCID-uw7w-utew-ufb2

vulnerability	VCID-vc97-xds1-67gu

vulnerability	VCID-vj35-jtgq-8qbv

vulnerability	VCID-xhp7-kqdk-tfeu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.14.0

aliases CVE-2020-9281, GHSA-vcjf-mgcg-jxjq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nj3a-eb59-jygs

url VCID-qb4j-9tz7-m7a2

vulnerability_id VCID-qb4j-9tz7-m7a2

summary

Cross-site Scripting
CKEditor allows user-assisted XSS involving a source-mode paste.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17960

reference_id

reference_type

scores

value	0.02024
scoring_system	epss
scoring_elements	0.83783
published_at	2026-04-11T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.83808
published_at	2026-04-21T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.83806
published_at	2026-04-16T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.83773
published_at	2026-04-13T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.83777
published_at	2026-04-12T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.83706
published_at	2026-04-01T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.8372
published_at	2026-04-02T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.83734
published_at	2026-04-04T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.83737
published_at	2026-04-07T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.83761
published_at	2026-04-08T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.83767
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17960

reference_url

https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released

reference_url	https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/
reference_id
reference_type
scores
url	https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/

reference_url

https://ckeditor.com/cke4/release/CKEditor-4.11.0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/cke4/release/CKEditor-4.11.0

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17960

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2018-005

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2018-005

reference_url

https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id	1015217
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17960

reference_id

CVE-2018-17960

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17960

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml

reference_id

CVE-2018-17960.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml

reference_id

CVE-2018-17960.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml

reference_url

https://github.com/advisories/GHSA-g68x-vvqq-pvw3

reference_id

GHSA-g68x-vvqq-pvw3

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-g68x-vvqq-pvw3

fixed_packages

url pkg:npm/ckeditor4@4.13.0

purl pkg:npm/ckeditor4@4.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-17pr-6guy-53ge

vulnerability	VCID-4x92-vapt-n7dz

vulnerability	VCID-8hvk-a5es-v3e4

vulnerability	VCID-c8r2-wpf3-47f9

vulnerability	VCID-cjwn-p59n-8ygs

vulnerability	VCID-h5zz-wz8f-2uf6

vulnerability	VCID-h8tt-ky69-fuch

vulnerability	VCID-k7qp-c6vp-sqbg

vulnerability	VCID-nj3a-eb59-jygs

vulnerability	VCID-sd2a-hmu2-wbax

vulnerability	VCID-un66-k85j-b7d2

vulnerability	VCID-uw7w-utew-ufb2

vulnerability	VCID-vc97-xds1-67gu

vulnerability	VCID-vj35-jtgq-8qbv

vulnerability	VCID-xhp7-kqdk-tfeu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.13.0

aliases CVE-2018-17960, GHSA-g68x-vvqq-pvw3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qb4j-9tz7-m7a2

url VCID-un66-k85j-b7d2

vulnerability_id VCID-un66-k85j-b7d2

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24728

reference_id

reference_type

scores

value	0.00796
scoring_system	epss
scoring_elements	0.73933
published_at	2026-04-07T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73937
published_at	2026-04-02T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73962
published_at	2026-04-04T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73967
published_at	2026-04-08T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73978
published_at	2026-04-13T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73986
published_at	2026-04-12T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.74004
published_at	2026-04-11T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73981
published_at	2026-04-09T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77748
published_at	2026-04-21T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77755
published_at	2026-04-18T12:55:00Z

value	0.01069
scoring_system	epss
scoring_elements	0.77756
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24728

reference_url

https://ckeditor.com/cke4/release/CKEditor-4.18.0

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/

url

https://ckeditor.com/cke4/release/CKEditor-4.18.0

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/

url

https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/

reference_url

https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4

reference_url	https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/
reference_id
reference_type
scores
url	https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/

reference_url

https://www.drupal.org/sa-core-2022-005

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/

url

https://www.drupal.org/sa-core-2022-005

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id	1015217
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24728

reference_id

CVE-2022-24728

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24728

reference_url

https://github.com/advisories/GHSA-4fc4-4p5g-6w89

reference_id

GHSA-4fc4-4p5g-6w89

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4fc4-4p5g-6w89

reference_url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89

reference_id

GHSA-4fc4-4p5g-6w89

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/

url

https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89

reference_url	https://usn.ubuntu.com/7258-1/
reference_id	USN-7258-1
reference_type
scores
url	https://usn.ubuntu.com/7258-1/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/

reference_id

VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/

reference_id

WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/

fixed_packages

url pkg:npm/ckeditor4@4.18.0

purl pkg:npm/ckeditor4@4.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cjwn-p59n-8ygs

vulnerability	VCID-h8tt-ky69-fuch

vulnerability	VCID-k7qp-c6vp-sqbg

vulnerability	VCID-uw7w-utew-ufb2

vulnerability	VCID-vc97-xds1-67gu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.18.0

aliases CVE-2022-24728, GHSA-4fc4-4p5g-6w89

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-un66-k85j-b7d2

url VCID-xhp7-kqdk-tfeu

vulnerability_id VCID-xhp7-kqdk-tfeu

summary

Improper Input Validation
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24729

reference_id

reference_type

scores

value	0.00845
scoring_system	epss
scoring_elements	0.74813
published_at	2026-04-21T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74973
published_at	2026-04-04T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74949
published_at	2026-04-07T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74983
published_at	2026-04-08T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74995
published_at	2026-04-09T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74944
published_at	2026-04-02T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74996
published_at	2026-04-12T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.74986
published_at	2026-04-13T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.75022
published_at	2026-04-16T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.75029
published_at	2026-04-18T12:55:00Z

value	0.00857
scoring_system	epss
scoring_elements	0.75017
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24729

reference_url	https://ckeditor.com/cke4/release/CKEditor-4.18.0
reference_id
reference_type
scores
url	https://ckeditor.com/cke4/release/CKEditor-4.18.0

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729

reference_url	https://www.drupal.org/sa-core-2022-005
reference_id
reference_type
scores
url	https://www.drupal.org/sa-core-2022-005

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-24729
reference_id	CVE-2022-24729
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-24729

reference_url	https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
reference_id	GHSA-f6rf-9m92-x2hh
reference_type
scores
url	https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh

fixed_packages

url pkg:npm/ckeditor4@4.18.0

purl pkg:npm/ckeditor4@4.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cjwn-p59n-8ygs

vulnerability	VCID-h8tt-ky69-fuch

vulnerability	VCID-k7qp-c6vp-sqbg

vulnerability	VCID-uw7w-utew-ufb2

vulnerability	VCID-vc97-xds1-67gu

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.18.0

aliases CVE-2022-24729, GHSA-f6rf-9m92-x2hh

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhp7-kqdk-tfeu

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.0.0

Package Instance