CVE Alert: CVE-2024-45613
Vulnerability Summary: CVE-2024-45613
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. The vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration. It only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support plugin (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix is available in version 43.1.1. As a workaround, one may disable the Block Toolbar plugin.
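The affected-version and plugin conditions above can be turned into a triage check for an editor inventory. This is an added example, not code from CKEditor or the advisory: the input object shape, the `ghsAllowsUnsafeMarkup` flag (set by whoever reviewed the General HTML Support configuration) and the sample deployments are assumptions, and pre-releases of 43.1.1 are conservatively treated as unpatched.

```javascript
// Added triage example. Plugin names are CKEditor 5 plugin class names;
// everything else (input shape, flag name, sample data) is hypothetical.
const FIRST_AFFECTED = [40, 0, 0];
const FIXED = [43, 1, 1];

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: m.slice(1, 4).map(Number), pre: Boolean(m[4]) };
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function assessExposure({ version, plugins = [], ghsAllowsUnsafeMarkup = false }) {
  const { nums, pre } = parseVersion(version);
  const cmpFixed = compare(nums, FIXED);
  // Assumption: a pre-release tagged 43.1.1-* may predate the fix.
  const inRange = compare(nums, FIRST_AFFECTED) >= 0 &&
    (cmpFixed < 0 || (cmpFixed === 0 && pre));
  const has = (name) => plugins.includes(name);

  if (!inRange) {
    return { status: 'not-affected', reason: 'version outside 40.0.0 <= v < 43.1.1' };
  }
  if (!has('BlockToolbar')) {
    return { status: 'not-affected', reason: 'Block Toolbar plugin not enabled' };
  }
  const viaEmbed = has('HtmlEmbed');
  const viaGhs = has('GeneralHtmlSupport') && ghsAllowsUnsafeMarkup;
  if (!viaEmbed && !viaGhs) {
    return { status: 'not-affected', reason: 'no HTML Embed or unsafe General HTML Support' };
  }
  return {
    status: 'affected',
    reason: `Block Toolbar with ${viaEmbed ? 'HTML Embed' : 'unsafe General HTML Support'}`,
    action: 'upgrade to 43.1.1, or disable the Block Toolbar plugin as a workaround',
  };
}

// Constructed sample inventory, for illustration only.
const inventory = [
  { name: 'cms-admin', version: '42.0.2', plugins: ['BlockToolbar', 'HtmlEmbed'] },
  { name: 'comments', version: '43.1.1', plugins: ['BlockToolbar', 'HtmlEmbed'] },
];
for (const d of inventory) console.log(d.name, assessExposure(d).status);
```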
Affected Endpoints:
No affected endpoints listed.
Published Date:
9/25/2024, 2:15:05 PM
🔥 CVSS Score:
Exploit Status:
Not Exploited
References:
- https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1
- https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.