PT-2023-26174 · Ckeditor · Ckeditor-Wordcount-Plugin

Sybille Peters · Published 2023-07-10 · Updated 2023-09-15 · CVE-2023-37905

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ckeditor-wordcount-plugin versions prior to 1.17.12

Description: The ckeditor-wordcount-plugin for CKEditor4 is susceptible to cross-site scripting when switching to source code mode. In default scenarios, exploiting this vulnerability requires a valid backend user account. However, if custom plugins on the website frontend accept and reflect rich-text content submitted by users, no authentication is required.

Recommendations: Update to version 1.17.12 of ckeditor-wordcount-plugin. As a temporary workaround, consider disabling the plugin until the update can be applied. Update to TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, or 11.5.30, which fix the problem described above.

Tags: Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2023-37905
GHSA-M8FW-P3CR-6JQC
GHSA-Q9W4-W667-QQJ4

Affected Products

Ckeditor4
Typo3
Ckeditor-Wordcount-Plugin