Cross-site scripting (XSS) in the real-time collaboration package

High
Mgsy published GHSA-j3mm-wmfm-mwvh Feb 20, 2025

Package: @ckeditor/ckeditor5-real-time-collaboration (npm)
Affected versions: v41.3.0 - v44.2.0
Patched versions: v44.2.1

Package: ckeditor5-premium-features (npm)
Affected versions: v42.0.0 - v44.2.0
Patched versions: v44.2.1

Description

Impact

During a recent internal audit, we identified a Cross-Site Scripting (XSS) vulnerability in the CKEditor 5 real-time collaboration package. This vulnerability can lead to unauthorized JavaScript code execution and affects user markers, which represent users' positions within the document.

This vulnerability affects only installations with Real-time collaborative editing enabled.

Patches

The problem has been recognized and patched. The fix will be available in version 44.2.1 (and above).

For more information

Email us at [email protected] if you have any questions or comments about this advisory.

Severity

High

CVE ID

CVE-2025-25299

Weaknesses