Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/ckeditor5@35.0.1
Typenpm
Namespace
Nameckeditor5
Version35.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version47.6.0
Latest_non_vulnerable_version47.6.0
Affected_by_vulnerabilities
0
url VCID-6q1k-xwcb-53hm
vulnerability_id VCID-6q1k-xwcb-53hm
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-48110
reference_id
reference_type
scores
0
value 0.01266
scoring_system epss
scoring_elements 0.79428
published_at 2026-04-07T12:55:00Z
1
value 0.01266
scoring_system epss
scoring_elements 0.79492
published_at 2026-04-21T12:55:00Z
2
value 0.01266
scoring_system epss
scoring_elements 0.7949
published_at 2026-04-16T12:55:00Z
3
value 0.01266
scoring_system epss
scoring_elements 0.7947
published_at 2026-04-12T12:55:00Z
4
value 0.01266
scoring_system epss
scoring_elements 0.79487
published_at 2026-04-18T12:55:00Z
5
value 0.01266
scoring_system epss
scoring_elements 0.79465
published_at 2026-04-09T12:55:00Z
6
value 0.01266
scoring_system epss
scoring_elements 0.79456
published_at 2026-04-08T12:55:00Z
7
value 0.01266
scoring_system epss
scoring_elements 0.79459
published_at 2026-04-13T12:55:00Z
8
value 0.0296
scoring_system epss
scoring_elements 0.86427
published_at 2026-04-02T12:55:00Z
9
value 0.0296
scoring_system epss
scoring_elements 0.86446
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-48110
1
reference_url https://ckeditor.com/docs/ckeditor5/latest/features/html-embed.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:58:12Z/
url https://ckeditor.com/docs/ckeditor5/latest/features/html-embed.html
2
reference_url https://github.com/ckeditor/ckeditor5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor5
3
reference_url https://packetstormsecurity.com/files/170927/CKSource-CKEditor5-35.4.0-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T12:58:12Z/
url https://packetstormsecurity.com/files/170927/CKSource-CKEditor5-35.4.0-Cross-Site-Scripting.html
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51260.txt
reference_id CVE-2022-48110
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51260.txt
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-48110
reference_id CVE-2022-48110
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-48110
6
reference_url https://github.com/advisories/GHSA-6p89-3p7c-qrhv
reference_id GHSA-6p89-3p7c-qrhv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6p89-3p7c-qrhv
fixed_packages
0
url pkg:npm/ckeditor5@36.0.0
purl pkg:npm/ckeditor5@36.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dc1k-hva1-pkbs
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@36.0.0
aliases CVE-2022-48110, GHSA-6p89-3p7c-qrhv
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6q1k-xwcb-53hm
1
url VCID-dc1k-hva1-pkbs
vulnerability_id VCID-dc1k-hva1-pkbs
summary 
CKEditor 5 has Cross-site Scripting (XSS) in the HTML Support package
### Impact
A Cross-Site Scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support configuration.

This vulnerability affects only installations where the editor configuration meets the following criteria:

* [General HTML Support](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html) is enabled,
* General HTML Support configuration allows inserting unsafe markup (see [Security](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html#security) section to learn more).

### Patches
The problem has been recognized and patched. The fix will be available in version 47.6.0 (and above).

### Workarounds
CKEditor 5 recommends configuring General HTML Support securely to ensure that unsafe content is not accepted. Please refer to the [Security](https://ckeditor.com/docs/ckeditor5/latest/features/html/general-html-support.html#security) section for detailed guidance.

### Credits
CKEditor 5 would like to thank: 
- Emilio Kevin
- Jeongwoo Lee, Younsoung Kim, Minseok Kim and Jinyeong Kim from ENKI Whitehat

for responsibly reporting this vulnerability.

### For more information
Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28343
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11151
published_at 2026-04-04T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.11088
published_at 2026-04-02T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.12953
published_at 2026-04-21T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.12852
published_at 2026-04-16T12:55:00Z
4
value 0.00043
scoring_system epss
scoring_elements 0.12952
published_at 2026-04-13T12:55:00Z
5
value 0.00043
scoring_system epss
scoring_elements 0.12939
published_at 2026-04-07T12:55:00Z
6
value 0.00043
scoring_system epss
scoring_elements 0.12854
published_at 2026-04-18T12:55:00Z
7
value 0.00043
scoring_system epss
scoring_elements 0.12998
published_at 2026-04-12T12:55:00Z
8
value 0.00043
scoring_system epss
scoring_elements 0.13037
published_at 2026-04-11T12:55:00Z
9
value 0.00043
scoring_system epss
scoring_elements 0.13068
published_at 2026-04-09T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13018
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28343
1
reference_url https://github.com/ckeditor/ckeditor5
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor5
2
reference_url https://github.com/ckeditor/ckeditor5/releases/tag/v29.0.0
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:56:09Z/
url https://github.com/ckeditor/ckeditor5/releases/tag/v29.0.0
3
reference_url https://github.com/ckeditor/ckeditor5/releases/tag/v47.6.0
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:56:09Z/
url https://github.com/ckeditor/ckeditor5/releases/tag/v47.6.0
4
reference_url https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-jrqm-vmqc-gm93
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-06T17:56:09Z/
url https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-jrqm-vmqc-gm93
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28343
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28343
6
reference_url https://github.com/advisories/GHSA-jrqm-vmqc-gm93
reference_id GHSA-jrqm-vmqc-gm93
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jrqm-vmqc-gm93
fixed_packages
0
url pkg:npm/ckeditor5@47.6.0
purl pkg:npm/ckeditor5@47.6.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@47.6.0
aliases CVE-2026-28343, GHSA-jrqm-vmqc-gm93
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dc1k-hva1-pkbs
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/ckeditor5@35.0.1