Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Ckeditor Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-17960 1 Ckeditor 1 Ckeditor 2019-07-16 4.3 MEDIUM 6.1 MEDIUM
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVE-2012-4000 1 Ckeditor 1 Fckeditor 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
CVE-2012-2066 2 Ckeditor, Drupal 3 Ckeditor, Fckeditor, Drupal 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2067 2 Ckeditor, Drupal 3 Ckeditor, Fckeditor, Drupal 2017-08-28 6.8 MEDIUM N/A
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information.
CVE-2014-5191 1 Ckeditor 1 Ckeditor 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4037 1 Ckeditor 1 Fckeditor 2015-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000.