A cross-site scripting (XSS) vulnerability in the WSC plugin up to and including 5.5.7.5 for CKEditor 4 allows remote malicious users to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ckeditor ckeditor 4.0 |
||
webspellchecker webspellchecker |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |