Unknown · Ckeditor5 Youtube · CVE-2025-6674
Name of the Vulnerable Software and Affected Versions:
CKEditor5 Youtube versions 0.0.0 through 1.0.2
Description:
The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows an attacker to perform Cross-Site Scripting (XSS) attacks.
Recommendations:
For CKEditor5 Youtube versions 0.0.0 through 1.0.2, update to version 1.0.3 or later to resolve the issue.