CVE-2023-4771: CKEditor Cross-site Scripting vulnerability

November 16, 2023

A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user’s information.

References

github.com/advisories/GHSA-hxjc-9j8v-v9pr
nvd.nist.gov/vuln/detail/CVE-2023-4771
www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditor

Code Behaviors & Features

Detect and mitigate CVE-2023-4771 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →