CNNVD-202509-676 Information

CNNVD ID

CNNVD-202509-676

CVE-2025-58064

  • CNNVD Published: 2025-09-04

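Description (translated from Chinese)

CKEditor 5 is an open-source text editor from CKEditor Ecosystem. CKEditor 5 versions 46.0.0 to 46.0.2 and 44.2.0 to 45.2.1 contain a cross-site scripting vulnerability. The vulnerability arises because, if an attacker manages to insert malicious content into the editor, it may be triggered by a specific user action, leading to unauthorized JavaScript code execution.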

Description (English)

CKEditor 5 is an open-source text editor from CKEditor Ecosystem. CKEditor 5 versions 46.0.0 to 46.0.2 and 44.2.0 to 45.2.1 had a cross-site scripting vulnerability, which could be triggered by a specific user action if an attacker managed to insert malicious content into the editor, resulting in unauthorized JavaScript code execution.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

CKEditor Ecosystem

Published

2025-09-04

Last Modified

2026-02-24

References

https://github.com/ckeditor/ckeditor5/commit/b210e90c6cf84e662ef6c7daf93a92355a961bf2

https://github.com/ckeditor/ckeditor5/security/advisories/GHSA-x9gp-vjh6-3wv6

Patch

https://github.com/ckeditor/ckeditor5/releases
