Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2025-61261

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

  • Published: Nov 7, 2025
  • Updated: Dec 15, 2025
  • CVE: CVE-2025-61261
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
angular / angular 18.0.0 18.0.0.x
ckeditor / ckeditor5 46.1.0 46.1.0.x