- CKEditor, 4.15.1 version and earlier.
INCIBE has coordinated the publication of one vulnerabilitiy that affects CKEditor, an open source text editor that provides word processing functions on web pages, which has been discovered by Rafael Pedrero.
This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:
- CVE-2023-4771: CVSS v3.1: 6.1 | CVSS: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-79.
The issue was found in one of the archived samples that should never be used by integrators in production code. There is no information about potential security vulnerabilities in CKEditor 4 itself.