BIT-drupal-2022-24728

Import Source
https://github.com/bitnami/vulndb/tree/main/data/drupal/BIT-drupal-2022-24728.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-drupal-2022-24728
Aliases
Published
2024-03-06T10:54:20.270Z
Modified
2025-04-03T14:40:37.652Z
Summary
[none]
Details

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.

Database specific
{
    "cpes": [
        "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / drupal

Package

Name
drupal
Purl
pkg:bitnami/drupal

Severity

  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected ranges

Type
SEMVER
Events
Introduced
8.0.0
Fixed
9.2.15
Introduced
9.3.0
Fixed
9.3.8