HIGH8.2CVE-2021-41165HTML comments vulnerability allowing to execute JavaScript code from 0, < 4.17.0
HIGH8.2CVE-2021-41164Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML from 0, < 4.17.0
HIGH7.6CVE-2021-32808Widget feature vulnerability allowing to execute JavaScript code using undo functionality >= 4.13.0, < 4.16.2
HIGH7.3Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML.
from 0, < 4.16.2
MEDIUM6.5Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
from 0, < 4.16.0
MEDIUM6.1Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
from 0, < 4.25.0
MEDIUM6.1CKEditor cross-site scripting vulnerability in AJAX sample
from 0, < 4.24.0-lts
MEDIUM6.1CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
from 0, < 4.24.0-lts
MEDIUM6.1CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
from 0, < 4.24.0-lts
MEDIUM6.1Improper Neutralization of Input During Web Page Generation in CKEditor4
from 0, < 4.15.1
MEDIUM6.1ckeditor - security update
>= 4.14.0, < 4.16.1
MEDIUM6.1CKEditor 4.0 vulnerability in the HTML Data Processor
from 0, < 4.14.0
MEDIUM5.4Cross-site Scripting in CKEditor4
from 0, < 4.18.0
MEDIUM4.6Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
>= 4.5.2, < 4.16.2
LOW3.1CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
>= 4.22.0, < 4.25.0