Home > Vulnerability Database > CVE-2024-24816

Mend.io Vulnerability Database

CVE-2024-24816

Good to know:

Date: February 7, 2024

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.

Language: JS

Severity Score

6.1

Related Resources (6)

Url: https://security-tracker.debian.org/tracker/CVE-2024-24816

Url: https://ckeditor.com/cke4/addon/preview

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-24816

Url: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76

Url: https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb

Url: https://www.mend.io/vulnerability-database/CVE-2024-24816

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version ckeditor4 - 4.24.0

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-24816

Good to know:

Date: February 7, 2024

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?