CKEditor had a vulnerability that could allow execution of JavaScript code.
The exact degree of exploitability for CiviCRM has not been determined.
All versions less than or equal to: 5.47.1, 5.46.2, 5.45.3
CiviCRM versions 5.47.2, 5.46.3, and 5.45.4 ESR
Any ONE of the following:
- Upgrade to CiviCRM v5.47.2+, v5.46.3+, or v5.45.4+ ESR
- Manually upgrade CKEditor to v4.18
Seamus Lee, Kevin Cristiano, and Tim Otten for adapting and validating on CiviCRM