AIKIDO-2025-10108

@ckeditor/ckeditor5-real-time-collaboration is vulnerable to Cross-site Scripting

Cross-site Scripting | CVE-2025-25299 | Published Feb 22, 2025

75

High Risk

This Affects:

JS: @ckeditor/ckeditor5-real-time-collaboration
41.3.0 - 44.2.0
Fixed in 44.2.1

TL;DR

A Cross-Site Scripting (XSS) vulnerability has been disclosed in the @ckeditor/ckeditor5-real-time-collaboration package. This vulnerability allows unauthorized execution of JavaScript by manipulating user markers, which track users' positions within a document. It affects environments where Real-Time Collaborative Editing is enabled. If exploited, this issue could lead to malicious script execution within users' sessions.

Who does this affect?

You are affected if you use @ckeditor/ckeditor5-real-time-collaboration in a version within the vulnerable range (41.3.0 - 44.2.0).

Background info

@ckeditor/ckeditor5-real-time-collaboration is vulnerable to Cross-site Scripting in versions 41.3.0 - 44.2.0.

How to fix this

Upgrade the @ckeditor/ckeditor5-real-time-collaboration library to the patched version (44.2.1).