Published: 12/11/2020 Updated: 02/12/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote malicious users to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ckeditor ckeditor 4.15.0
oracle agile plm 9.3.5
oracle agile plm 9.3.6
oracle application express
oracle banking party management 2.7.0
oracle banking platform 2.4.0
oracle banking platform 2.7.0
oracle banking platform 2.7.1
oracle banking platform 2.8.0
oracle banking platform 2.9.0
oracle commerce merchandising 11.0.0
oracle commerce merchandising 11.1.0
oracle commerce merchandising 11.2.0
oracle commerce merchandising 11.3.0
oracle commerce merchandising 11.3.1
oracle commerce merchandising 11.3.2
oracle financial services analytical applications infrastructure
oracle financial services analytical applications infrastructure 8.1.0
oracle financial services analytical applications infrastructure 8.1.1
oracle jd edwards enterpriseone tools
oracle peoplesoft enterprise peopletools 8.56
oracle peoplesoft enterprise peopletools 8.57
oracle peoplesoft enterprise peopletools 8.58

CWE-79 https://ckeditor.com/cke4/release/CKEditor-4.15.1 https://ckeditor.com/ckeditor-4/download/https://ckeditor.com/blog/CKEditor-4.15.1-with-a-security-patch-released/https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2021.html https://nvd.nist.gov

CVE-2020-27193

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect