{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40440?format=json","vulnerability_id":"VCID-qxab-9uwr-yqhv","summary":"Cross-site Scripting\nCKEditor allows user-assisted XSS involving a source-mode paste.","aliases":[{"alias":"CVE-2018-17960"},{"alias":"GHSA-g68x-vvqq-pvw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57073?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57074?format=json","purl":"pkg:composer/typo3/cms@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/57026?format=json","purl":"pkg:npm/ckeditor@4.11.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57030?format=json","purl":"pkg:npm/ckeditor4@4.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e4fg-q8d2-pkan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.13.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52638?format=json","purl":"pkg:composer/typo3/cms@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2r7u-mc45-8yhe"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-2vpx-fqb6-aqfa"},{"vulnerability":"VCID-39jx-muqb-nkfq"},{"vulnerability":"VCID-3ugj-6m1e-e3hr"},{"vulnerability":"VCID-4eym-e6vt-8fbs"},{"vulnerability":"VCID-5dxs-cdht-27hw"},{"vulnerability":"VCID-66ru-n2df-b3ay"},{"vulnerability":"VCID-727q-h3ey-6yc9"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-7m6u-k5tp-gkhy"},{"vulnerability":"VCID-8p64-6zpt-t3av"},{"vulnerability":"VCID-953t-q1cr-zyd6"},{"vulnerability":"VCID-9saf-w56y-pugz"},{"vulnerability":"VCID-abjx-8v46-d7d8"},{"vulnerability":"VCID-am6s-67bm-77dr"},{"vulnerability":"VCID-bn3p-39sv-6fdg"},{"vulnerability":"VCID-bq2j-t19h-zyad"},{"vulnerability":"VCID-d6c2-upx1-e7cd"},{"vulnerability":"VCID-dsqm-9q3e-dudw"},{"vulnerability":"VCID-e564-zdku-9fc6"},{"vulnerability":"VCID-emqq-kwjg-3kfk"},{"vulnerability":"VCID-eutz-mj58-audb"},{"vulnerability":"VCID-fdnw-2tz5-4fdr"},{"vulnerability":"VCID-fut7-bb1f-37g7"},{"vulnerability":"VCID-gk79-jtuz-myh6"},{"vulnerability":"VCID-h217-xe8x-nua3"},{"vulnerability":"VCID-h7cg-64er-uya9"},{"vulnerability":"VCID-h7hf-sf2q-73ay"},{"vulnerability":"VCID-hp99-ncuh-6ugv"},{"vulnerability":"VCID-hzma-cduk-3uhp"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-jeqr-9tfu-f7b2"},{"vulnerability":"VCID-jq5y-7h9g-mufa"},{"vulnerability":"VCID-jqe4-8hzb-mfea"},{"vulnerability":"VCID-k5t3-28es-h3ez"},{"vulnerability":"VCID-khpm-e1xb-hydb"},{"vulnerability":"VCID-ks1q-a8x2-uqht"},{"vulnerability":"VCID-m3nc-xbb4-yubr"},{"vulnerability":"VCID-mctp-nf36-7qdn"},{"vulnerability":"VCID-njsj-bwjq-fyap"},{"vulnerability":"VCID-nney-azbc-pucg"},{"vulnerability":"VCID-pmvp-twk2-jqe4"},{"vulnerability":"VCID-q52p-xfj8-gygd"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-ru6w-m6q6-27gn"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-sdsa-mh76-kqch"},{"vulnerability":"VCID-sy7r-d6pv-yba9"},{"vulnerability":"VCID-u259-2sxq-tbct"},{"vulnerability":"VCID-u4tq-8qnk-5fd7"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-vw2r-g8yy-eyf4"},{"vulnerability":"VCID-w58p-3wg1-7ycr"},{"vulnerability":"VCID-wy45-2gmr-fkfg"},{"vulnerability":"VCID-x5x1-w7yv-eye9"},{"vulnerability":"VCID-xh68-defe-f7ce"},{"vulnerability":"VCID-y7ds-p5r2-yuhq"},{"vulnerability":"VCID-ygw4-jdqu-4fbt"},{"vulnerability":"VCID-yn6z-9v7k-x7br"},{"vulnerability":"VCID-yz6t-ge1y-qfgr"},{"vulnerability":"VCID-zmwv-gwq3-fkej"},{"vulnerability":"VCID-zrz3-3dnf-tbay"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/55352?format=json","purl":"pkg:composer/typo3/cms@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3ugj-6m1e-e3hr"},{"vulnerability":"VCID-3ye6-vqje-abh4"},{"vulnerability":"VCID-4eym-e6vt-8fbs"},{"vulnerability":"VCID-4jck-w9ct-budk"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-7m6u-k5tp-gkhy"},{"vulnerability":"VCID-7xv1-78u7-xufp"},{"vulnerability":"VCID-953t-q1cr-zyd6"},{"vulnerability":"VCID-9adx-p876-kyb5"},{"vulnerability":"VCID-a1g9-pyz5-9fca"},{"vulnerability":"VCID-abjx-8v46-d7d8"},{"vulnerability":"VCID-am6s-67bm-77dr"},{"vulnerability":"VCID-cvk2-93hm-gkhx"},{"vulnerability":"VCID-dsqm-9q3e-dudw"},{"vulnerability":"VCID-emqq-kwjg-3kfk"},{"vulnerability":"VCID-fut7-bb1f-37g7"},{"vulnerability":"VCID-hp99-ncuh-6ugv"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-je4q-svfw-hqda"},{"vulnerability":"VCID-jq5y-7h9g-mufa"},{"vulnerability":"VCID-k5t3-28es-h3ez"},{"vulnerability":"VCID-khpm-e1xb-hydb"},{"vulnerability":"VCID-njsj-bwjq-fyap"},{"vulnerability":"VCID-nney-azbc-pucg"},{"vulnerability":"VCID-pmvp-twk2-jqe4"},{"vulnerability":"VCID-qv14-m93d-jyd9"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-ru6w-m6q6-27gn"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-sdsa-mh76-kqch"},{"vulnerability":"VCID-u259-2sxq-tbct"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-vw2r-g8yy-eyf4"},{"vulnerability":"VCID-w1wb-mq2y-dfca"},{"vulnerability":"VCID-x5x1-w7yv-eye9"},{"vulnerability":"VCID-y7ds-p5r2-yuhq"},{"vulnerability":"VCID-yz6t-ge1y-qfgr"},{"vulnerability":"VCID-zmwv-gwq3-fkej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms-core@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-2m67-xdxz-ryc2"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-b92x-56ng-3ygy"},{"vulnerability":"VCID-bzqv-s7g3-wff9"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-hfcx-1kuh-p3ez"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-y3zj-acc7-jkau"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms-core@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-2m67-xdxz-ryc2"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-a1g9-pyz5-9fca"},{"vulnerability":"VCID-bzqv-s7g3-wff9"},{"vulnerability":"VCID-cf9m-qdyj-eyav"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-hfcx-1kuh-p3ez"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-y3zj-acc7-jkau"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"},{"vulnerability":"VCID-zbm9-cx69-wqg3"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57025?format=json","purl":"pkg:npm/ckeditor@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2mmd-x6ge-fuaw"},{"vulnerability":"VCID-2nbt-ysxu-d3bu"},{"vulnerability":"VCID-fm9y-ujc1-qbaq"},{"vulnerability":"VCID-qxab-9uwr-yqhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/57029?format=json","purl":"pkg:npm/ckeditor4@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2mmd-x6ge-fuaw"},{"vulnerability":"VCID-2nbt-ysxu-d3bu"},{"vulnerability":"VCID-cbgv-19kg-z7a9"},{"vulnerability":"VCID-fm9y-ujc1-qbaq"},{"vulnerability":"VCID-qxab-9uwr-yqhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.0.0"}],"references":[{"reference_url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/","reference_id":"","reference_type":"","scores":[],"url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"},{"reference_url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0","reference_id":"","reference_type":"","scores":[],"url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005"},{"reference_url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960","reference_id":"CVE-2018-17960","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3","reference_id":"GHSA-g68x-vvqq-pvw3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv"}