A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4, versions 4.14.0 through 4.16.x prior to 4.16.1, allows remote malicious users to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.
Vulnerable Product |
---|
ckeditor ckeditor |
fedoraproject fedora 33 |
fedoraproject fedora 34 |
fedoraproject fedora 35 |
drupal drupal |
debian debian linux 9.0 |