CVSS 3.1 Score 6.1 of 10 (medium)


Published Nov 16, 2023
Updated: Nov 28, 2023


CVE-2023-4771 is a Cross-Site scripting vulnerability found in CKSource CKEditor versions 4.15.1 and earlier. This vulnerability allows an attacker to execute malicious JavaScript code through the /ckeditor/samples/old/ajax.html file, potentially retrieving sensitive information of authorized users. The vulnerability has a base severity rating of MEDIUM with a base score of 6.1 according to CVSS 3.1, indicating a moderate level of danger. The exploitability score is 2.8, requiring user interaction and having a low attack complexity. The affected products include various versions of bLPvSY, bLPvSZ, bLPvSa, and others. To remediate this vulnerability, users should upgrade to CKEditor version 4.15.2 or later, which includes the necessary security patches to address the issue. (Note: This summary is based on the provided information and does not contain any additional analysis or opinions.)


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-4771 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options