Published: 07/08/2014 Updated: 08/09/2015
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the Preview plugin prior to 4.4.3 in CKEditor allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ckeditor ckeditor 4.4.1

ckeditor ckeditor

ckeditor ckeditor 4.4.0

Vendor Advisories

Debian Bug report logs - #760736 ckeditor: CVE-2014-5191 Package: ckeditor; Maintainer for ckeditor is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Source for ckeditor is src:ckeditor (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Sun, 7 Sep 2014 12:27:0 ...
IBM OpenPages GRC Platform has addressed CKEditor (Preview Plugin) vulnerability (CVE-2014-5191) ...