CVE-2024-13245

CVE-2024-13245: CKEditor 4 LTS - WYSIWYG HTML editor - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-009

Vendor Drupal

Product CKEditor 4 LTS - WYSIWYG HTML editor

Weakness CWE-79 · XSS

Published January 9, 2025

Last update January 9, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1.

Key dates

02Disclosure timeline

January 9, 2025 CVE published

January 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-13245 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-9939 CodeAstro Real Estate Management System propertyview.php cross site scripting CVE-2025-9128 eID Easy <= 4.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter CVE-2025-23768 WordPress InFunding plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability CVE-2022-0928 Cross-site Scripting (XSS) - Stored in microweber/microweber CVE-2025-12112 Insert Headers and Footers Code – HT Script <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting