ckeditor

Security Risk Profile

/100

low

Security Risk Score

Comprehensive risk assessment based on 36 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from July 12, 2012 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

6.2

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

28/100

low

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

XSS

Code Injection

Malicious File Upload

Infoleak

Most Affected Products

1. CKEditor FCKeditor124

2. CKEditor CKEditor57

3. Fedoraproject Fedora27

4. Oracle PeopleSoft Enterprise PeopleTools24

5. Oracle Financial Services Analytical Applications Infrastructure21

Recent Vulnerabilities

See more →

CVE-2026-28343

CVSS 6.4EPSS 0%medium

CKEditor: Cross-site scripting (XSS) in the HTML Support package

CVSS 4.8EPSS 0%medium

ZenCart CKEditor cross site scripting

8/18/2025🔧 No Patch

CVE-2025-25299

CVSS 2.3EPSS 0%low

Cross-site scripting (XSS) in the real-time collaboration package

2/20/2025

CVE-2024-45613

CVSS 7.2high

CKEditor 5 has Cross-site Scripting vulnerability in the clipboard package

9/25/2024

CVE-2024-43407

CVSS 6.1medium

Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability

8/21/2024

CVE-2024-24816

CVSS 6.1EPSS 0%medium

Cross-site scripting (XSS) vulnerability in samples with enabled the preview feature

2/7/2024

CVE-2024-24815

CVSS 6.1EPSS 0%medium

CKEditor4 Cross-site scripting (XSS) vulnerability caused by incorrect CDATA detection

ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process

3/22/2023

Monitor ckeditor in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo