6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-4771

GHSA ID

GHSA-wh5w-82f3-wrxh

EPSS Score

0.95167%

CWE

CWE-79

Published

2/7/2024

Updated

2/7/2024

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-4771

CVE-2023-4771: CKEditor cross-site scripting vulnerability in AJAX sample

Affected packages

The vulnerability has been discovered in the AJAX sample available at the samples/old/ajax.html file location. All integrators that use that sample in the production code can be affected.

Impact

A potential vulnerability has been discovered in one of CKEditor's 4 samples that are shipped with production code. The vulnerability allowed to execute JavaScript code by abusing the AJAX sample. It affects all users using the CKEditor 4 at version < 4.24.0-lts where samples/old/ajax.html is used in a production environment.

Patches

The problem has been recognized and patched. The fix will be available in version 4.24.0-lts.

For more information

Email us at security@cksource.com if you have any questions or comments about this advisory.

Acknowledgements

The CKEditor 4 team would like to thank Rafael Pedrero and INCIBE (original report) for recognizing and reporting this vulnerability.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-4771

GHSA ID

GHSA-wh5w-82f3-wrxh

EPSS Score

0.95167%

CWE

CWE-79

Published

2/7/2024

Updated

2/7/2024

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ckeditor4	npm	< 4.24.0-lts	4.24.0-lts

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the AJAX sample's insecure handling of editor content. The original code in samples/old/ajax.html used document.getElementById('editorcontents').innerHTML = editor.getData(), which directly injected raw HTML without sanitization. This allowed execution of arbitrary JavaScript if the content contained malicious scripts. The patch replaced innerHTML with .value on a textarea, which neutralizes the XSS risk. The vulnerable function is saveData(), which implemented the unsafe innerHTML assignment. The core CKEditor functions (e.g., getData()) are not inherently vulnerable, but the sample's misuse of the API introduced the XSS vector.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### *****t** p**k***s T** vuln*r**ility **s ***n *is*ov*r** in t** *J*X s*mpl* *v*il**l* *t t** `s*mpl*s/ol*/*j*x.*tml` *il* lo**tion. *ll int**r*tors t**t us* t**t s*mpl* in t** pro*u*tion *o** **n ** *****t**. ### Imp**t * pot*nti*l vuln*r**ility

Reasoning

T** vuln*r**ility st*ms *rom t** *J*X s*mpl*'s ins**ur* **n*lin* o* **itor *ont*nt. T** ori*in*l *o** in `s*mpl*s/ol*/*j*x.*tml` us** `*o*um*nt.**t*l*m*nt*yI*('**itor*ont*nts').inn*r*TML = **itor.**t**t*()`, w*i** *ir**tly inj**t** r*w *TML wit*out s

6.1

Basic Information

Concerned about an active attack path?

CVE-2023-4771: CKEditor cross-site scripting vulnerability in AJAX sample

Affected packages

Impact

Patches

For more information

Acknowledgements

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI