cvedb.io
CVE-2025-61261
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2025-11-07T19:16:25.853 · Last modified 2026-06-17T09:50:27.780

Summary

A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

Affected products

angular — angular

Does this affect you?

Add your gear to cvedb and we'll alert you only when angular ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.