Home > Vulnerability Database > CVE-2023-37905

Mend.io Vulnerability Database

CVE-2023-37905

Good to know:

Date: July 21, 2023

ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the "ckeditor-wordcount-plugin" plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the "ckeditor-wordcount-plugin" plugin and users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: JS

Severity Score

6.1

Related Resources (9)

Url: https://github.com/w8tcha/CKEditor-WordCount-Plugin

Url: https://typo3.org/security/advisory/typo3-core-sa-2023-004

Url: https://github.com/w8tcha/CKEditor-WordCount-Plugin/commit/a4b154bdf35b3465320136fcb078f196b437c2f1

Url: https://github.com/w8tcha/CKEditor-WordCount-Plugin/commit/0f03b3e5b7c1409998a13aba3a95396e6fa349d8

Url: https://github.com/w8tcha/CKEditor-WordCount-Plugin/security/advisories/GHSA-q9w4-w667-qqj4

Url: https://github.com/TYPO3/typo3

Url: https://github.com/TYPO3/typo3/security/advisories/GHSA-m8fw-p3cr-6jqc

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-37905

Url: https://www.mend.io/vulnerability-database/CVE-2023-37905

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version ckeditor-wordcount-plugin - 1.17.12

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-37905

Good to know:

Date: July 21, 2023

Language: JS

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?