Security Vulnerability on Xibo 2.3.8 found

Running the Greenbone security analyzer shows that Xibo is vulnerable to ReDoS vulnerabilities. It says to update the version of CKEditor but I'm not sure how to go about that in Docker. I am running on CentOS 6 with Xibo 2.3.8 installed.


CKEditor is prone to multiple regular expression denial of service (ReDoS) vulnerabilities.

Detection Result

Installed version: 4.3
Fixed version: 4.16
Installation path / port: /dist/vendor/ckeditor


The following vulnerabilities exist:
- ReDoS in the Advanced Tab for Dialogs plugin (CVE-2021-26271)
- ReDoS in the Autolink plugin (CVE-2021-26272)

Detection Method

Checks if a vulnerable version is present on the target host.

Affected Software/OS

CKEditor versions 4.0 - 4.15.1.



Solution Type:


Update to version 4.16 or later


Thank you very much eatyourpeas747 for creating this post and passing on the details. An internal ticket has been logged to investigate this further.

Many Thanks.

We’ve confirmed that we do not use either of the two plugins mentioned in the CVEs listed.

ckeditor 4.16 has some compatibility issues with Xibo and therefore we can’t upgrade - however we will re-target the bug to 3.1 and look at getting ckeditor4 latest release to work, or moving to ckeditor5.
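
The scan above flags the install on version alone, while the reply turns on whether the two affected plugins are in the build. An added example (not part of the thread, and not Xibo's or Greenbone's code) that checks both; it assumes the CKEditor 4 plugin ids `dialogadvtab` and `autolink` and a `build-config.js` style plugin list, and the sample config is constructed:

```python
import re

# Affected range as stated in the scan report: CKEditor 4.0 - 4.15.1.
AFFECTED_MIN, AFFECTED_MAX = (4, 0, 0), (4, 15, 1)
# CKEditor 4 plugin ids for the two components named in the report.
CVE_PLUGINS = {"dialogadvtab": "CVE-2021-26271", "autolink": "CVE-2021-26272"}

# Constructed sample of a build-config.js plugin list (not taken from Xibo).
SAMPLE_BUILD_CONFIG = """
var CKBUILDER_CONFIG = {
    skin: 'moono',
    plugins : {
        'basicstyles' : 1,
        'dialog' : 1,
        'link' : 1,
        'toolbar' : 1
    }
};
"""

def parse_version(text):
    """Turn '4.3' or '4.15.1' into a 3-tuple so the comparison is numeric."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def version_affected(text):
    """True when the version falls inside the range the scanner reports."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX

def enabled_plugins(build_config_js):
    """Collect plugin ids flagged 1 inside the `plugins : { ... }` block."""
    block = re.search(r"plugins\s*:\s*\{([^}]*)\}", build_config_js)
    if not block:
        return set()
    pairs = re.findall(r"['\"]?([\w-]+)['\"]?\s*:\s*(\d)", block.group(1))
    return {name for name, flag in pairs if flag == "1"}

def triage(version, build_config_js):
    """Separate 'version is in range' from 'affected plugin is in the build'."""
    present = enabled_plugins(build_config_js)
    exposed = sorted(cve for p, cve in CVE_PLUGINS.items() if p in present)
    return {"version_affected": version_affected(version), "exposed_cves": exposed}

if __name__ == "__main__":
    print(triage("4.3", SAMPLE_BUILD_CONFIG))
```

A plugin can also be loaded at runtime through the editor's `extraPlugins` setting, so the application's editor configuration is worth checking alongside the build list.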
