Search for packages
| purl | pkg:npm/ckeditor5-premium-features@44.0.0-alpha.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3htn-j487-3ydn
Aliases: CVE-2025-25299 GHSA-j3mm-wmfm-mwvh |
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package ### Impact During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document. This vulnerability affects only installations with [Real-time collaborative editing](https://ckeditor.com/docs/ckeditor5/latest/features/collaboration/real-time-collaboration/real-time-collaboration.html) enabled. ### Patches The problem has been recognized and patched. The fix will be available in version 44.2.1 (and above). ### For more information Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T23:21:23.023516+00:00 | GitLab Importer | Affected by | VCID-3htn-j487-3ydn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor5-premium-features/CVE-2025-25299.yml | 38.4.0 |
| 2026-04-12T00:40:25.681461+00:00 | GitLab Importer | Affected by | VCID-3htn-j487-3ydn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor5-premium-features/CVE-2025-25299.yml | 38.3.0 |
| 2026-04-03T00:48:20.558264+00:00 | GitLab Importer | Affected by | VCID-3htn-j487-3ydn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor5-premium-features/CVE-2025-25299.yml | 38.1.0 |