Description

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. Prior to version 47.6.0, a cross-site scripting (XSS) vulnerability has been discovered in the General HTML Support feature. This vulnerability could be triggered by inserting specially crafted markup, leading to unauthorized JavaScript code execution, if the editor instance used an unsafe General HTML Support configuration. This issue has been patched in version 47.6.0.

Remediation

References

CVE-2026-28343

Related Vulnerabilities

WordPress Plugin WordPress Books Gallery Security Bypass (3.5)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.113)

Jenkins CVE-2024-47804 Vulnerability (CVE-2024-47804)

RubyGems Improper Input Validation Vulnerability (CVE-2018-1000077)

IBM RTC Inadequate Encryption Strength Vulnerability (CVE-2020-4965)

Severity

Medium

Classification

CVE-2026-28343 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities