Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-24728

Опубликовано: 16 мар. 2022
Источник: nvd
CVSS3: 5.4
CVSS2: 3.5
EPSS Низкий

Описание

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*
Версия от 4.0 (включая) до 4.18.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 9.2.15 (исключая)
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Версия от 9.3.0 (включая) до 9.3.8 (исключая)
Конфигурация 3

Одно из

cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
Версия до 22.1.1 (исключая)
cpe:2.3:a:oracle:commerce_merchandising:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*
Версия от 8.0.7.0.0 (включая) до 8.1.0.0.0 (включая)
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*
Версия от 8.1.1.0 (включая) до 8.1.2.1 (включая)
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

EPSS

Процентиль: 70%
0.00668
Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2022-24728

CVSS3: 5.4
ubuntu
больше 3 лет назад

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.

debian логотип

CVE-2022-24728

CVSS3: 5.4
debian
больше 3 лет назад

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...

github логотип

GHSA-4fc4-4p5g-6w89

CVSS3: 5.4
github
больше 3 лет назад

Cross-site Scripting in CKEditor4

EPSS

Процентиль: 70%
0.00668
Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79
CWE-79