Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): ckeditor drupal
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-13669 |
Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10.; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. Published: February 11, 2022; 11:15:08 AM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2011-4972 |
hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not properly restrict access to private files, which allows remote attackers to read private files via a direct request. Published: November 13, 2019; 4:15:11 PM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-9861 |
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element. Published: April 19, 2018; 1:29:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2012-2067 |
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. Published: September 04, 2012; 8:55:15 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-2066 |
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 04, 2012; 8:55:15 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |