Detections
Analytics

CVE-2025-61261

medium

Description

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

References

https://senscybersecurity.nl/cve-2025-61261-explained/

https://github.com/ckeditor/ckeditor5/releases/tag/v46.1.0

Details

Source: Mitre, NVD

Published: 2025-11-07

Updated: 2025-11-12

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00036