Search for packages
| purl | pkg:deb/debian/ckeditor@3.6.1-1 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-c8r2-wpf3-47f9
Aliases: CVE-2021-26271 GHSA-jv4c-7jqq-m34x |
CKEditor 4 ReDoS Vulnerability It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). |
Affected by 8 other vulnerabilities. |
|
VCID-h5zz-wz8f-2uf6
Aliases: CVE-2021-26272 GHSA-wpvm-wqr4-p7cw |
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4 It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). |
Affected by 8 other vulnerabilities. |
|
VCID-qb4j-9tz7-m7a2
Aliases: CVE-2018-17960 GHSA-g68x-vvqq-pvw3 |
Cross-site Scripting CKEditor allows user-assisted XSS involving a source-mode paste. |
Affected by 3 other vulnerabilities. |
|
VCID-s8u8-xbdk-87dj
Aliases: CVE-2021-33829 GHSA-rgx6-rjj4-c388 |
ckeditor4 vulnerable to cross-site scripting A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled. |
Affected by 8 other vulnerabilities. |
|
VCID-tkcr-ecev-k3af
Aliases: CVE-2014-5191 GHSA-v27h-j97p-wqmx |
The Preview plugin in CKEditor allows Cross-site scripting (XSS) Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||