Vulnerabilities in ckeditor
19 resultsCVE-2022-24729MEDIUMRegular expression Denial of Service in dialog pluginEPSS 2.4%CVE-2021-21254MEDIUMRegular expression Denial of Service in Markdown pluginEPSS 1.8%CVE-2021-21391MEDIUMRegular expression Denial of Service in multiple packagesEPSS 1.7%CVE-2024-24816MEDIUMCross-site scripting (XSS) vulnerability in samples with enabled the preview featureEPSS 1.7%CVE-2021-41165HIGHHTML comments vulnerability allowing to execute JavaScript codeEPSS 1.5%CVE-2021-37695HIGHExecution of JavaScript code using malformed HTML in ckeditorEPSS 1.3%CVE-2021-41164HIGHAdvanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTMLEPSS 1.3%CVE-2021-32808HIGHCross-site scripting in ckeditor via abuse of undo functionalityEPSS 1.2%CVE-2021-32809MEDIUMArbitrary HTML injection vulnerability in ckeditorEPSS 1.2%CVE-2022-24728MEDIUMCross-site Scripting in CKEditor4EPSS 1.2%CVE-2023-28439MEDIUMckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying processEPSS 0.7%CVE-2024-24815MEDIUMCKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detectionEPSS 0.7%CVE-2022-31175MEDIUMCross-site scripting caused by the editor instance destroying process in ckeditor5EPSS 0.6%CVE-2025-25299LOWCross-site scripting (XSS) in the real-time collaboration packageEPSS 0.6%CVE-2024-45613MEDIUMCKEditor 5 has Cross-site Scripting vulnerability in the clipboard packageEPSS 0.5%CVE-2024-43407MEDIUMCode Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerabilityEPSS 0.4%CVE-2024-43411LOWCKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeoverEPSS 0.4%CVE-2025-58064LOWCKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard packageEPSS 0.4%CVE-2026-28343MEDIUMCKEditor: Cross-site scripting (XSS) in the HTML Support packageEPSS 0.3%