Login Sign Up

CVE-2024-13245

5.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts into web pages through the CKEditor 4 LTS WYSIWYG editor in Drupal. When users view pages containing the malicious content, the scripts execute in their browsers, potentially stealing credentials or performing unauthorized actions. Drupal sites using CKEditor 4 LTS versions 1.0.0 are affected.

💻 Affected Systems

Products:
  • Drupal CKEditor 4 LTS - WYSIWYG HTML editor
Versions: from 1.0.0 before 1.0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Drupal installations using the CKEditor 4 LTS module. The vulnerability exists in the editor's content processing.

📦 What is this software?

Ckeditor 4 by Cksource

View all CVEs affecting Ckeditor 4 →

Ckeditor 4 by Cksource

View all CVEs affecting Ckeditor 4 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal administrator session cookies, take over administrative accounts, deface websites, or redirect users to malicious sites.

🟠

Likely Case

Attackers inject malicious JavaScript that steals user session cookies or credentials when users view compromised content.

🟢

If Mitigated

With proper input validation and output encoding, the risk is limited to specific content types where CKEditor is used with insufficient sanitization.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the ability to create or edit content using CKEditor 4 LTS. Typically requires authenticated access with appropriate permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1

Vendor Advisory: https://www.drupal.org/sa-contrib-2024-009

Restart Required: No

Instructions:

1. Update the CKEditor 4 LTS module to version 1.0.1 or later via Drupal's update manager. 2. Clear Drupal caches after update. 3. Verify the module version in Extend > CKEditor 4 LTS.

🔧 Temporary Workarounds

Disable CKEditor 4 LTS module

all

Temporarily disable the vulnerable module until patching is possible

drush pm:disable ckeditor4_lts

Restrict content editing permissions

all

Limit who can create/edit content using CKEditor to trusted users only

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to block inline script execution
  • Enable Drupal's built-in XSS filtering and ensure all user input is properly sanitized

🔍 How to Verify

Check if Vulnerable:

Check the module version at /admin/modules or using 'drush pm:list | grep ckeditor4_lts'

Check Version:

drush pm:list --fields=name,version --filter="name=ckeditor4_lts"

Verify Fix Applied:

Confirm module version is 1.0.1 or higher and test CKEditor functionality

📡 Detection & Monitoring

Log Indicators:

  • Unusual content edits via CKEditor
  • Multiple failed login attempts followed by content creation

Network Indicators:

  • Unexpected JavaScript loading from content pages
  • Suspicious outbound connections from user browsers

SIEM Query:

source="drupal" AND (event="content_update" OR event="node_insert") AND user_agent CONTAINS "CKEditor"

📊 Metadata

CVE ID: CVE-2024-13245
CVSS v3 Score: 5.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79
EPSS Score: 0.14% exploit probability (33.4th percentile)
Published: January 9, 2025
Last Updated: July 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-13245, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)