yabab-dev / ng2-ckeditor

Angular2 CKEditor component
MIT License
358 stars, 96 forks

XSS vulnerability in ng2-ckeditor #333

Closed dial25sd closed 2 years ago

dial25sd commented 2 years ago

Hey there,

during a penetration test of an Angular application that uses ng2-ckeditor, I've found an XSS vulnerability that seems to be hidden in the library. I was able to reproduce it with different versions of Angular, ng2-ckeditor and ckeditor4 – but not yet when using ckeditor4-angular instead of ng2-ckeditor, which is why I assume that the vulnerability is contained in ng2-ckeditor. In the context of the application I've tested, this vulnerability resulted in stored cross-site scripting against potentially any user who uses the affected CKEditor instance, even though it was implemented exactly as shown in the docs.

I've already tried to reach out to @chymz via email, but haven't received a response within a week. I have a working demo with screenshots and some explanations on how to reproduce it in a private repository. Is it alright if I just add you (@chymz and @kzimny) to it so that you can take a look at the demo? I'm unfortunately not very acquainted with debugging Angular libraries.

dial25sd commented 2 years ago

Hey @kzimny, I'm a bit irritated that you have closed the issue without any reaction. Don't get me wrong: I am not seeking support from you. In the application concerned, we've already managed to fix the vulnerability using a workaround.

However, this is a serious security issue that you should look into, since it might affect a major part of the users of ng2-ckeditor.

I'm aware that this isn't directly what GitHub issues are meant to be used for, yet I don't know of a different way to contact you or @chymz.