| Description: | Summary:
The remote host is missing an update for the 'ckeditor' package(s) announced via the USN-7258-1 advisory.
Vulnerability Insight:
Kevin Backhouse discovered that CKEditor did not properly sanitize HTML
content. An attacker could possibly use this issue to perform cross site
scripting and obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-24728)
It was discovered that CKEditor did not properly handle the creation of
editor instances in the Iframe Dialog and Media Embed packages. An
attacker could possibly use this issue to perform cross site scripting
and obtain sensitive information. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-28439)
It was discovered that CKEditor did not properly handle parsing HTML
content. An attacker could possibly use this issue to perform cross site
scripting and obtain sensitive information.
(CVE-2024-24815, CVE-2024-24816)
It was discovered that CKEditor did not properly sanitize version
notifications. An attacker could possibly use this issue to perform cross
site scripting and obtain sensitive information. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-43411)
Affected Software/OS:
'ckeditor' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10.
Solution:
Please install the updated package(s).
CVSS Score:
3.5
CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
