CVE-2023-4771
Cross-Site Scripting vulnerability in CKSource CKEditor
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.
We have discovered 6,542 live websites that are affected by CVE-2023-4771.
Affected Software
| Product |  CKEditor |
| Category | Rich Text Editors |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 233 |
| Vulnerable Domains | 6,542 live websites (78.36% of CKEditor install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-4771 and the relative popularity of websitesDetails
- Published - Nov 16, 2023
- Updated - Nov 16, 2023
Credits
- Rafael Pedrero (finder)
CWE
CVE References
CWE References
Countries
 United States | 2,269 websites |
 New Zealand | 536 websites |
 Russia | 411 websites |
 France | 336 websites |
 Germany | 262 websites |
 India | 167 websites |
 Turkey | 163 websites |
 GB | 144 websites |
 Spain | 140 websites |
 Brazil | 131 websites |
TLDs
| .com | 2,451 websites |
| .org | 394 websites |
| .net | 363 websites |
| .ru | 307 websites |
| .fr | 144 websites |
| .com.br | 106 websites |
| .it | 93 websites |
| .de | 93 websites |
| .pl | 92 websites |
| .eu | 90 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-4771 through included software libraries and plugins.Websites affected by CVE-2023-4771
Top websites that are affected by CVE-2023-4771. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.net |  Netherlands | **,*** | |
| ***.******.**.nz | New Zealand | **,*** | |
| ***.********.org | United States | **,*** | |
| *******.***.ua |  Ukraine | **,*** | |
| ***.*********.com | France | **,*** | |
| ************.com | United States | **,*** | |
| ****.*****.edu | United States | **,*** | |
| *****************.org | United States | **,*** | |
| ******.org | France | **,*** | |
| *******.***.ua | Ukraine | **,*** |