CVE-2024-45613

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45613

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45613.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45613

Aliases

GHSA-rgg8-g5x8-wr9v

Related

UBUNTU-CVE-2024-45613

Published

2024-09-25T14:15:05Z

Modified

2025-05-28T10:40:58.869321Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the block toolbar plugin.

References

Affected packages

Git / github.com/ckeditor/ckeditor5

Affected ranges

Type: GIT
Repo: https://github.com/ckeditor/ckeditor5
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6b1e550ba3eee4618f36258ee2ed7cbbc2361246

Affected versions

10.*

10.1.0

v0.*

v0.1.0

v0.10.0

v0.11.0

v0.2.0

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.9.0

v1.*

v1.0.0-alpha.1

v1.0.0-alpha.2

v1.0.0-beta.1

v1.0.0-beta.2

v1.0.0-beta.4

v10.*

v10.0.0

v10.0.1

v10.1.0

v11.*

v11.0.0

v11.0.1

v11.1.0

v11.1.1

v11.2.0

v12.*

v12.0.0

v12.1.0

v12.2.0

v12.3.0

v12.3.1

v12.4.0

v15.*

v15.0.0

v16.*

v16.0.0

v17.*

v17.0.0

v18.*

v18.0.0

v19.*

v19.0.0

v19.1.0

v19.1.1

v20.*

v20.0.0

v21.*

v21.0.0

v22.*

v22.0.0

v23.*

v23.0.0

v23.1.0

v24.*

v24.0.0

v25.*

v25.0.0

v26.*

v26.0.0

v27.*

v27.0.0

v27.1.0

v28.*

v28.0.0

v29.*

v29.0.0

v29.1.0

v29.2.0

v30.*

v30.0.0

v31.*

v31.0.0

v31.1.0

v32.*

v32.0.0

v33.*

v33.0.0

v34.*

v34.0.0

v34.1.0

v34.2.0

v35.*

v35.0.0

v35.0.1

v35.1.0

v35.2.0

v35.2.1

v35.3.0

v35.3.1

v35.3.2

v35.4.0

v36.*

v36.0.0

v36.0.1

v37.*

v37.0.0

v37.0.0-alpha.0

v37.0.0-alpha.1

v37.0.0-alpha.2

v37.0.0-alpha.3

v37.0.0-rc.0

v37.0.1

v37.1.0

v38.*

v38.0.0

v38.0.0-alpha.0

v38.0.0-rc.0

v38.0.0-rc.1

v38.0.1

v38.1.0

v38.1.1

v39.*

v39.0.0

v39.0.1

v39.0.2

v40.*

v40.0.0

v40.1.0

v40.2.0

v41.*

v41.0.0

v41.1.0

v41.2.0

v41.2.1

v41.3.0

v41.3.0-alpha.0

v41.3.0-alpha.1

v41.3.0-alpha.2

v41.3.0-alpha.3

v41.3.0-alpha.4

v41.3.1

v41.4.0

v41.4.0-alpha.0

v41.4.1

v41.4.2

v42.*

v42.0.0

v42.0.1

v42.0.2

v43.*

v43.0.0

v43.1.0