CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5 packages in versions prior to 35.0.1. The vulnerability allowed JavaScript code to be triggered once specific conditions were fulfilled. The affected packages are and The specific conditions are 1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. 2) Destroying the editor instance and 3) Initializing the editor on an element and using an element other than `` as a base.

The root cause of the issue was a mechanism responsible for updating the source element with the markup coming from the CKEditor 5 data pipeline after destroying the editor. This vulnerability might affect a small percent of integrators that depend on dynamic editor initialization/destroy and use Markdown, General HTML Support or HTML embed features. The problem has been recognized and patched. There are no known workarounds for this issue.