Количество 1 988
Количество 1 988
CVE-2016-5385
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...
BDU:2022-02391
Уязвимость модуля Advanced Content Filter WYSIWYG-редактора CKEditor , позволяющая нарушителю обойти существующую политику ограничения доступа для HTML-элементов
BDU:2022-02008
Уязвимость модуля обработки HTML-страниц WYSIWYG-редактора CKEditor, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
BDU:2020-01708
Уязвимость пакета PharStreamWrapper системы управления контентом TYPO3, позволяющая нарушителю раскрыть защищаемую информацию
BDU:2021-05279
Уязвимость файла Tar.php пакета Archive_Tar библиотеки классов PHP PEAR, связанная с некорректным ограничением имени пути к каталогу, позволяющая нарушителю оказать воздействие на целостность данных
GHSA-4fc4-4p5g-6w89
Cross-site Scripting in CKEditor4
CVE-2022-24729
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
CVE-2022-24729
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
CVE-2022-24729
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...
CVE-2022-24728
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
CVE-2022-24728
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
CVE-2022-24728
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...
BDU:2021-05771
Уязвимость пакета Archive_Tar библиотеки PHP классов PEAR CMS-системы Drupal, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность данных
BDU:2021-03621
Уязвимость функции _maliciousFilename класса Archive_Tar библиотеки PHP классов PEAR, позволяющая нарушителю выполнить произвольный PHP-код
BDU:2021-03618
Уязвимость класса Archive_Tar библиотеки PHP классов PEAR, позволяющая нарушителю выполнить перезапись защищаемых файлов
GHSA-pvmx-g8h5-cprj
Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
GHSA-7h26-63m7-qhf2
HTML comments vulnerability allowing to execute JavaScript code
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ... | CVSS3: 8.1 | 76% Высокий | больше 9 лет назад |
 | BDU:2022-02391 Уязвимость модуля Advanced Content Filter WYSIWYG-редактора CKEditor , позволяющая нарушителю обойти существующую политику ограничения доступа для HTML-элементов | CVSS3: 5.4 | 0% Низкий | около 4 лет назад |
| BDU:2022-02008 Уязвимость модуля обработки HTML-страниц WYSIWYG-редактора CKEditor, позволяющая нарушителю осуществлять межсайтовые сценарные атаки | CVSS3: 8.2 | 0% Низкий | около 4 лет назад |
| BDU:2020-01708 Уязвимость пакета PharStreamWrapper системы управления контентом TYPO3, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 7.3 | 11% Средний | больше 6 лет назад |
| BDU:2021-05279 Уязвимость файла Tar.php пакета Archive_Tar библиотеки классов PHP PEAR, связанная с некорректным ограничением имени пути к каталогу, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 7.5 | 71% Высокий | около 5 лет назад |
| GHSA-4fc4-4p5g-6w89 Cross-site Scripting in CKEditor4 | CVSS3: 5.4 | 0% Низкий | почти 4 года назад |
 | CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. | CVSS3: 6.5 | 0% Низкий | почти 4 года назад |
 | CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. | CVSS3: 6.5 | 0% Низкий | почти 4 года назад |
| CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ... | CVSS3: 6.5 | 0% Низкий | почти 4 года назад |
| CVE-2022-24728 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. | CVSS3: 5.4 | 0% Низкий | почти 4 года назад |
| CVE-2022-24728 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. | CVSS3: 5.4 | 0% Низкий | почти 4 года назад |
| CVE-2022-24728 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ... | CVSS3: 5.4 | 0% Низкий | почти 4 года назад |
| BDU:2021-05771 Уязвимость пакета Archive_Tar библиотеки PHP классов PEAR CMS-системы Drupal, позволяющая нарушителю оказать влияние на целостность, доступность и конфиденциальность данных | CVSS3: 7.1 | 1% Низкий | больше 4 лет назад |
| BDU:2021-03621 Уязвимость функции _maliciousFilename класса Archive_Tar библиотеки PHP классов PEAR, позволяющая нарушителю выполнить произвольный PHP-код | CVSS3: 8.8 | 76% Высокий | около 5 лет назад |
| BDU:2021-03618 Уязвимость класса Archive_Tar библиотеки PHP классов PEAR, позволяющая нарушителю выполнить перезапись защищаемых файлов | CVSS3: 8.8 | 93% Критический | около 5 лет назад |
| GHSA-pvmx-g8h5-cprj Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML | CVSS3: 8.2 | 0% Низкий | около 4 лет назад |
| GHSA-7h26-63m7-qhf2 HTML comments vulnerability allowing to execute JavaScript code | CVSS3: 8.2 | 0% Низкий | около 4 лет назад |
| CVE-2021-41165 CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. | CVSS3: 8.2 | 0% Низкий | около 4 лет назад |
| CVE-2021-41165 CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0. | CVSS3: 8.2 | 0% Низкий | около 4 лет назад |
| CVE-2021-41165 CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ... | CVSS3: 8.2 | 0% Низкий | около 4 лет назад |
Уязвимостей на страницу