216.73.217.86

CVE-2025-61261

· Published 07/11/2025 19:16 · Modified 11/12/2025 23:42

Labels: CVE-2025-61261 2025-11-07CVE-2025-61261CWE-79[email protected]

Essential information

Published
07/11/2025 19:16
Modified
11/12/2025 23:42
Author
Creator
CVSS
5.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS metrics

Description

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
angular / angular cpe:2.3:a:angular:angular:18.0.0:-:*:*:*:node.js:*:*
ckeditor / ckeditor5 cpe:2.3:a:ckeditor:ckeditor5:46.1.0:*:*:*:*:*:*:*

References