Upgrade ckeditor-dev to version 4.4.6 or greater.
ckeditor-dev is a browser-based WYSIWYG editor. Affected versions of this package were vulnerable to Cross-site Scripting (XSS) attacks. It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
The vulnerability was found by Maco Cortes.