漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
CKEditor: Cross-site scripting (XSS) in the HTML Support package
Vulnerability Description
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Starting in version 29.0.0 and prior to version 47.6.0, a cross-site scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support configuration. This issue has been patched in version 47.6.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
CKEditor 跨站脚本漏洞
Vulnerability Description
CKEditor是CKEditor开源的一个企业级 WYSIWYG 编辑器。 CKEditor 5 47.6.0之前版本存在跨站脚本漏洞,该漏洞源于General HTML Support功能存在跨站脚本,可能导致执行未经授权的JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A