Vulnerability CVE-2022-48110


Published: 2023-02-13

Description:
CKSource CKEditor5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget.

See advisories in our WLB2 database:
Topic
Author
Date
Low
CKSource CKEditor5 35.4.0 Cross Site Scripting
Manish Pathak
09.02.2023

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://packetstormsecurity.com/files/170927/CKSource-CKEditor5-35.4.0-Cross-Site-Scripting.html
https://ckeditor.com/docs/ckeditor5/latest/features/html-embed.html

Copyright 2024, cxsecurity.com

 

Back to Top