CVE-2023-4771

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 16, 2023

Updated: Nov 28, 2023

CWE ID 352

Summary

CVE-2023-4771 is a Cross-Site Scripting (XSS) vulnerability identified in CKSource CKEditor versions 4.15.1 and older. Malicious JavaScript code can be sent to the /ckeditor/samples/old/ajax.html file, allowing an attacker to execute arbitrary script in the context of an affected user's browser. This could potentially result in the theft of sensitive user information. Users are strongly encouraged to upgrade to a patched version of CKEditor to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

IBM Maximo Asset Management

Affected Vendors

IBM Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tViPcM
https://www.cve.org/CVERecord?id=CVE-2023-4771
https://nvd.nist.gov/vuln/detail/CVE-2023-4771

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners