Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
Vulnerability Description
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
CKEditor 跨站脚本漏洞
Vulnerability Description
CKEditor是一套开源的、基于网页的文字编辑器。 CKEditor 4 存在跨站脚本漏洞,该漏洞允许攻击者绕过内容清理注入格式错误的 HTML,这可能会导致执行 JavaScript 代码。
CVSS Information
N/A
Vulnerability Type
N/A