Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
CKEditor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-45613 - Vulnerability Database
CKEditor

CKEditor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-45613

Medium
Reference: CVE-2024-45613
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-45613
Title: CKEditor Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

CKEditor 5 is a JavaScript rich-text editor. Starting in version 40.0.0 and prior to version 43.1.1 a Cross-Site Scripting (XSS) vulnerability is present in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action leading to unauthorized JavaScript code execution if the attacker managed to insert a malicious content into the editor which might happen with a very specific editor configuration. This vulnerability only affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled. A fix for the problem is available in version 43.1.1. As a workaround one may disable the block toolbar plugin.