CVE-2019-9870

Name: CVE-2019-9870
Creator: NVD / NIST
Published: 2019-03-21T16:01:17.483+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.85%

Last modified Jun 17, 2026

CVE-2019-9870 is a vulnerability of currently unknown severity. plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.. EPSS estimates a 1.85% chance of exploitation in the next 30 days.

Description

plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.

Metrics

EPSS Probability

1.85%

76.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-19

Affected Software

Vendor	Product	Versions
Oembed Project	Oembed	< 2019-03-14

References

https://github.com/w8tcha/CKEditor-oEmbed-Plugin/commit/10f6169e39510bbf5af913886037044458b9dc9bPatch, Third Party Advisory
https://github.com/w8tcha/CKEditor-oEmbed-Plugin/issues/94Third Party Advisory
https://github.com/w8tcha/CKEditor-oEmbed-Plugin/commit/10f6169e39510bbf5af913886037044458b9dc9bPatch, Third Party Advisory
https://github.com/w8tcha/CKEditor-oEmbed-Plugin/issues/94Third Party Advisory

Timeline

Published: Mar 21, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-9870?

plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements.

How severe is CVE-2019-9870?

Severity scoring for CVE-2019-9870 is pending analysis. The EPSS model estimates a 1.85% probability of exploitation in the next 30 days.

How do I fix CVE-2019-9870?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-9870?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST