VulnerableCode Package Details - pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-3tqv-ppue-57fr Aliases: CVE-2024-43411 GHSA-6v96-m24v-f58j	CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover ### Affected Packages The issue impacts only editor instances with enabled [version notifications](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-versionCheck). Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please [contact us](mailto:security@cksource.com). ### Impact A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. Although the vulnerability is purely hypothetical, we have addressed it in CKEditor 4.25.0-lts to ensure compliance with security best practices. ### Patches The issue has been recognized and patched. The fix is available in version 4.25.0-lts. ### For More Information If you have any questions or comments about this advisory, please email us at [security@cksource.com](mailto:security@cksource.com).	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-3tqv-ppue-57fr
Aliases:
CVE-2024-43411
GHSA-6v96-m24v-f58j

CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover ### Affected Packages The issue impacts only editor instances with enabled [version notifications](https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_config.html#cfg-versionCheck). Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are unsure, please [contact us](mailto:security@cksource.com). ### Impact A theoretical vulnerability has been identified in CKEditor 4.22 (and above). In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on CKEditor 4 instances. Although the vulnerability is purely hypothetical, we have addressed it in CKEditor 4.25.0-lts to ensure compliance with security best practices. ### Patches The issue has been recognized and patched. The fix is available in version 4.25.0-lts. ### For More Information If you have any questions or comments about this advisory, please email us at [security@cksource.com](mailto:security@cksource.com).

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T17:11:44.439364+00:00	Debian Importer	Affected by	VCID-3tqv-ppue-57fr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:06:43.678493+00:00	Debian Importer	Fixing	VCID-k7qp-c6vp-sqbg	https://security-tracker.debian.org/tracker/data/json	38.1.0

2026-04-02T17:11:44.439364+00:00

Debian Importer

Affected by

VCID-3tqv-ppue-57fr

https://security-tracker.debian.org/tracker/data/json

38.1.0

2026-04-02T17:06:43.678493+00:00

Debian Importer

Fixing

VCID-k7qp-c6vp-sqbg

https://security-tracker.debian.org/tracker/data/json

38.1.0

purl	pkg:deb/debian/ckeditor@4.22.1%2Bdfsg1-2
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1