PT-2024-31709 · Unknown · Ckeditor 5

Mgsyp · Published 2024-09-25 · Updated 2024-10-01 · CVE-2024-45613

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: CKEditor 5 versions 40.0.0 through 43.1.1
Description: A Cross-Site Scripting (XSS) issue is present in the CKEditor 5 clipboard package, which could be triggered by a specific user action, leading to unauthorized JavaScript code execution if an attacker managed to insert malicious content into the editor. This issue affects installations where the Block Toolbar plugin is enabled and either the General HTML Support (with a configuration that permits unsafe markup) or the HTML Embed plugin is also enabled.
Recommendations: For CKEditor 5 versions 40.0.0 through 43.1.1, update to version 43.1.1 or higher to resolve the issue. As a temporary workaround, consider disabling the Block Toolbar plugin until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-08114
CVE-2024-45613
GHSA-RGG8-G5X8-WR9V

Affected Products

Ckeditor 5