Security

SECURITY.md

Reporting a security issues

If you believe you have found a security issue in the CKEditor 4 software, please contact us immediately.

When reporting a potential security problem, please bear this in mind:

Make sure to provide as many details as possible about the vulnerability.
Please do not disclose publicly any security issues until we fix them and publish security releases.

Contact the security team at security@cksource.com. As soon as we receive the security report, we will work promptly to confirm the issue and then to provide a security fix.

Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature
GHSA-mw2c-vx6j-mg76 published Feb 7, 2024 by jacekbogdanski

Low
Cross-site scripting (XSS) vulnerability in AJAX sample
GHSA-wh5w-82f3-wrxh published Feb 7, 2024 by jacekbogdanski

Low
Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection
GHSA-fq6h-4g8v-qqvm published Feb 7, 2024 by jacekbogdanski

Moderate
Cross-site scripting (XSS) caused by the editor instance destroying process
GHSA-vh5c-xwqv-cv9g published Mar 22, 2023 by jacekbogdanski

Low
Regular expression Denial of Service in dialog plugin
GHSA-f6rf-9m92-x2hh published Mar 16, 2022 by jacekbogdanski

Low
HTML processing vulnerability allowing to execute JavaScript code
GHSA-4fc4-4p5g-6w89 published Mar 16, 2022 by jacekbogdanski

Moderate
Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML
GHSA-pvmx-g8h5-cprj published Nov 17, 2021 by jacekbogdanski

Moderate
HTML comments vulnerability allowing to execute JavaScript code
GHSA-7h26-63m7-qhf2 published Nov 17, 2021 by jacekbogdanski

Moderate
Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML
GHSA-m94c-37g6-cjhc published Aug 12, 2021 by jacekbogdanski

Moderate
Widget feature vulnerability allowing to execute JavaScript code using undo functionality
GHSA-6226-h7ff-ch6c published Aug 12, 2021 by jacekbogdanski

Low

Learn more about advisories related to ckeditor/ckeditor4 in the GitHub Advisory Database