org.webjars.npm:ckeditor@4.7.0 vulnerabilities
-
latest version
4.12.1
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
5 years ago
-
licenses detected
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.webjars.npm:ckeditor package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
ckeditor is a A highly configurable WYSIWYG HTML editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. It was possible to execute XSS inside CKEditor after persuading the victim to switch CKEditor to source mode, then paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and switch back to How to fix Cross-site Scripting (XSS)? Upgrade |
[4.0.0,4.11.0)
|