Description

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1, a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround, one may disable the block toolbar plugin.

INFO

Published Date :

2024-09-25T13:27:03.546Z

Last Modified :

2024-10-01T21:20:44.633Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45613 vulnerability.

Vendors Products
Ckeditor
  • Ckeditor5
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45613.

URL Resource
https://github.com/ckeditor/ckeditor5/releases/tag/v43.1.1 cve-icon cve-icon
https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-rgg8-g5x8-wr9v cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact