Описание
ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the ckeditor-wordcount-plugin plugin and users are advised to upgrade. There are no known workarounds for this vulnerability.
Ссылки
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.17.12 (исключая)
cpe:2.3:a:ckeditor-wordcount-plugin_project:ckeditor-wordcount-plugin:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 65%
0.00495
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 2 лет назад
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor
EPSS
Процентиль: 65%
0.00495
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79