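Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. Shenlong strives to keep the data accurate, but please verify it and use your own judgment based on your actual situation.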
Vulnerability Title
CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package
Vulnerability Description
CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. The vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert malicious content into the editor, which might happen with a very specific editor configuration. It only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support plugin (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the Block Toolbar plugin.
CVSS Information
N/A
Vulnerability Type
Improper neutralization of input during web page generation (Cross-site Scripting)
Vulnerability Title
CKEditor Cross-Site Scripting Vulnerability
Vulnerability Description
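CKEditor is an open-source, web-based text editor developed by the individual developer Marek Lewandowski. CKEditor 5 versions from 40.0.0 up to, but not including, 43.1.1 contain a cross-site scripting vulnerability. The vulnerability stems from the presence of cross-site scripting (XSS), which leads to unauthorized JavaScript code execution.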
CVSS Information
N/A
Vulnerability Type
N/A