Impact
A Cross-Site Scripting (XSS) vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration.
This vulnerability affects only installations where the editor configuration meets one of the following criteria:
Patches
The problem has been recognized and patched. The fix will be available in version 46.0.3 (and above), and explicitly in version 45.2.2.
For more information
Email us at [email protected] if you have any questions or comments about this advisory.
Impact
A Cross-Site Scripting (XSS) vulnerability has been discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution, if the attacker managed to insert a malicious content into the editor, which might happen with a very specific editor configuration.
This vulnerability affects only installations where the editor configuration meets one of the following criteria:
RawElementis enabledPatches
The problem has been recognized and patched. The fix will be available in version 46.0.3 (and above), and explicitly in version 45.2.2.
For more information
Email us at [email protected] if you have any questions or comments about this advisory.