CKEditor 1.2.3 for Redmine

CPE Details

CKEditor 1.2.3 for Redmine
ckeditor
ckeditor
1.2.3
2023-12-29
09h51 +00:00
2023-12-29
09h51 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ckeditor:ckeditor:1.2.3:*:*:*:*:redmine:*:*

Informations

Vendor

ckeditor

Product

ckeditor

Version

1.2.3

Target Software

redmine

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-31541 2023-06-12 22h00 +00:00 A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
9.8
Critical
CVE-2021-41165 2021-11-17 18h15 +00:00 CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
8.2
High
CVE-2021-37695 2021-08-12 21h10 +00:00 ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
7.3
High
CVE-2014-5191 2014-08-07 08h00 +00:00 Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3