A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 prior to 4.14 allows remote malicious users to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ckeditor ckeditor |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
drupal drupal |
||
oracle peoplesoft enterprise peopletools 8.56 |
||
oracle webcenter portal 12.2.1.3.0 |
||
oracle webcenter portal 11.1.1.9.0 |
||
oracle peoplesoft enterprise peopletools 8.57 |
||
oracle agile plm 9.3.5 |
||
oracle agile plm 9.3.6 |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle webcenter portal 12.2.1.4.0 |
||
oracle application express |
||
oracle jd edwards enterpriseone tools |
||
oracle siebel apps - customer order management |
||
oracle peoplesoft enterprise peopletools - |
||
oracle banking enterprise default management 2.12.0 |
||
oracle banking enterprise default management 2.10.0 |
||
oracle banking enterprise default managment |
||
oracle banking enterprise default management 2.7.0 |
||
oracle banking enterprise default management 2.7.1 |
||
oracle banking enterprise default management 2.6.2 |