Description
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
Remediation
References
Related Vulnerabilities
WordPress Plugin Sooqr Search Restricted File Upload (1.1.4)
WordPress Plugin WordPress Filter Gallery Security Bypass (0.0.6)
WordPress Plugin WP Instagram-Best Instagram Feeds Cross-Site Scripting (1.0.19)
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)
WordPress Plugin Featured Comments Cross-Site Request Forgery (1.2.4)