Cross-Site Scripting Vulnerability in ckeditor-wordcount-plugin

Cross-Site Scripting Vulnerability in ckeditor-wordcount-plugin

CVE-2023-37905 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability.

Learn more about our Open Source Audit.