Search for packages
| purl | pkg:npm/ckeditor@4.11.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-pwe8-razn-buae | Ckeditor XSS Vulnerability CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. It was possible to execute XSS inside the CKEditor source area after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode. Although this is an unlikely scenario, it is recommended to upgrade to the latest editor version. |
CVE-2018-17960
GHSA-g68x-vvqq-pvw3 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T18:11:19.656423+00:00 | GitLab Importer | Fixing | VCID-pwe8-razn-buae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ckeditor/CVE-2018-17960.yml | 36.1.3 |
| 2025-07-01T14:29:31.563521+00:00 | GHSA Importer | Fixing | VCID-pwe8-razn-buae | https://github.com/advisories/GHSA-g68x-vvqq-pvw3 | 36.1.3 |
| 2025-07-01T12:21:23.433046+00:00 | GithubOSV Importer | Fixing | VCID-pwe8-razn-buae | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-g68x-vvqq-pvw3/GHSA-g68x-vvqq-pvw3.json | 36.1.3 |