Homepage

@ckeditor/ckeditor5-real-time-collaboration@44.2.0-alpha.4 vulnerabilities

A set of CKEditor 5 features enabling real-time collaboration within the editor using CKEditor Cloud Services.

  • latest version

    44.2.1

  • latest non vulnerable version

    44.2.1

  • first published

    6 years ago

  • latest version published

    3 days ago

  • licenses detected

  • View ckeditor5-real-time-collaboration package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @ckeditor/ckeditor5-real-time-collaboration package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Cross-site Scripting (XSS)

    @ckeditor/ckeditor5-real-time-collaboration is an A set of CKEditor 5 features enabling real-time collaboration within the editor using CKEditor Cloud Services.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the user markers. An attacker can execute unauthorized JavaScript code by exploiting specific editor configurations and token endpoint settings.

    Note:

    This is only exploitable if Real-time collaborative editing is enabled.

    How to fix Cross-site Scripting (XSS)?

    Upgrade @ckeditor/ckeditor5-real-time-collaboration to version 44.2.0 or higher.

    >=41.3.0 <44.2.0
    Go back to all versions of this package