Vulnerability Details CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/ckeditor/ckeditor4
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://github.com/ckeditor/ckeditor4
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Products affected by CVE-2020-9281
-
cpe:2.3:a:ckeditor:ckeditor:4.0
-
cpe:2.3:a:ckeditor:ckeditor:4.0.1
-
cpe:2.3:a:ckeditor:ckeditor:4.0.1.1
-
cpe:2.3:a:ckeditor:ckeditor:4.0.2
-
cpe:2.3:a:ckeditor:ckeditor:4.0.3
-
cpe:2.3:a:ckeditor:ckeditor:4.1
-
cpe:2.3:a:ckeditor:ckeditor:4.1.1
-
cpe:2.3:a:ckeditor:ckeditor:4.1.2
-
cpe:2.3:a:ckeditor:ckeditor:4.1.3
-
cpe:2.3:a:ckeditor:ckeditor:4.10.0
-
cpe:2.3:a:ckeditor:ckeditor:4.10.1
-
cpe:2.3:a:ckeditor:ckeditor:4.11.0
-
cpe:2.3:a:ckeditor:ckeditor:4.11.1
-
cpe:2.3:a:ckeditor:ckeditor:4.11.2
-
cpe:2.3:a:ckeditor:ckeditor:4.11.3
-
cpe:2.3:a:ckeditor:ckeditor:4.11.4
-
cpe:2.3:a:ckeditor:ckeditor:4.13.0
-
cpe:2.3:a:ckeditor:ckeditor:4.13.1
-
cpe:2.3:a:ckeditor:ckeditor:4.2
-
cpe:2.3:a:ckeditor:ckeditor:4.2.1
-
cpe:2.3:a:ckeditor:ckeditor:4.2.2
-
cpe:2.3:a:ckeditor:ckeditor:4.2.3
-
cpe:2.3:a:ckeditor:ckeditor:4.3.0
-
cpe:2.3:a:ckeditor:ckeditor:4.3.1
-
cpe:2.3:a:ckeditor:ckeditor:4.3.2
-
cpe:2.3:a:ckeditor:ckeditor:4.3.3
-
cpe:2.3:a:ckeditor:ckeditor:4.3.4
-
cpe:2.3:a:ckeditor:ckeditor:4.3.5
-
cpe:2.3:a:ckeditor:ckeditor:4.4.0
-
cpe:2.3:a:ckeditor:ckeditor:4.4.1
-
cpe:2.3:a:ckeditor:ckeditor:4.4.2
-
cpe:2.3:a:ckeditor:ckeditor:4.4.3
-
cpe:2.3:a:ckeditor:ckeditor:4.4.4
-
cpe:2.3:a:ckeditor:ckeditor:4.4.5
-
cpe:2.3:a:ckeditor:ckeditor:4.4.6
-
cpe:2.3:a:ckeditor:ckeditor:4.4.7
-
cpe:2.3:a:ckeditor:ckeditor:4.4.8
-
cpe:2.3:a:ckeditor:ckeditor:4.5.0
-
cpe:2.3:a:ckeditor:ckeditor:4.5.1
-
cpe:2.3:a:ckeditor:ckeditor:4.5.10
-
cpe:2.3:a:ckeditor:ckeditor:4.5.11
-
cpe:2.3:a:ckeditor:ckeditor:4.5.2
-
cpe:2.3:a:ckeditor:ckeditor:4.5.3
-
cpe:2.3:a:ckeditor:ckeditor:4.5.4
-
cpe:2.3:a:ckeditor:ckeditor:4.5.5
-
cpe:2.3:a:ckeditor:ckeditor:4.5.6
-
cpe:2.3:a:ckeditor:ckeditor:4.5.7
-
cpe:2.3:a:ckeditor:ckeditor:4.5.8
-
cpe:2.3:a:ckeditor:ckeditor:4.5.9
-
cpe:2.3:a:ckeditor:ckeditor:4.6.0
-
cpe:2.3:a:ckeditor:ckeditor:4.6.1
-
cpe:2.3:a:ckeditor:ckeditor:4.6.2
-
cpe:2.3:a:ckeditor:ckeditor:4.7.0
-
cpe:2.3:a:ckeditor:ckeditor:4.7.1
-
cpe:2.3:a:ckeditor:ckeditor:4.7.2
-
cpe:2.3:a:ckeditor:ckeditor:4.7.3
-
cpe:2.3:a:ckeditor:ckeditor:4.8.0
-
cpe:2.3:a:ckeditor:ckeditor:4.9.0
-
cpe:2.3:a:ckeditor:ckeditor:4.9.1
-
cpe:2.3:a:ckeditor:ckeditor:4.9.2
-
cpe:2.3:a:drupal:drupal:8.7.0
-
cpe:2.3:a:drupal:drupal:8.7.1
-
cpe:2.3:a:drupal:drupal:8.7.10
-
cpe:2.3:a:drupal:drupal:8.7.11
-
cpe:2.3:a:drupal:drupal:8.7.2
-
cpe:2.3:a:drupal:drupal:8.7.3
-
cpe:2.3:a:drupal:drupal:8.7.4
-
cpe:2.3:a:drupal:drupal:8.7.5
-
cpe:2.3:a:drupal:drupal:8.7.6
-
cpe:2.3:a:drupal:drupal:8.7.7
-
cpe:2.3:a:drupal:drupal:8.7.8
-
cpe:2.3:a:drupal:drupal:8.7.9
-
cpe:2.3:a:drupal:drupal:8.8.0
-
cpe:2.3:a:drupal:drupal:8.8.1
-
cpe:2.3:a:drupal:drupal:8.8.2
-
cpe:2.3:a:drupal:drupal:8.8.3
-
cpe:2.3:a:oracle:agile_plm:9.3.5
-
cpe:2.3:a:oracle:agile_plm:9.3.6
-
cpe:2.3:a:oracle:application_express:-
-
cpe:2.3:a:oracle:application_express:18.2
-
cpe:2.3:a:oracle:application_express:19.1
-
cpe:2.3:a:oracle:application_express:19.2
-
cpe:2.3:a:oracle:application_express:20.1
-
cpe:2.3:a:oracle:application_express:3.0
-
cpe:2.3:a:oracle:application_express:3.1
-
cpe:2.3:a:oracle:application_express:3.2
-
cpe:2.3:a:oracle:application_express:4.0
-
cpe:2.3:a:oracle:application_express:4.1
-
cpe:2.3:a:oracle:application_express:4.2
-
cpe:2.3:a:oracle:application_express:5.0
-
cpe:2.3:a:oracle:application_express:5.0.4
-
cpe:2.3:a:oracle:application_express:5.1.0
-
cpe:2.3:a:oracle:application_express:5.1.1
-
cpe:2.3:a:oracle:application_express:5.1.2
-
cpe:2.3:a:oracle:application_express:5.1.2.00.09
-
cpe:2.3:a:oracle:application_express:5.1.3
-
cpe:2.3:a:oracle:application_express:5.1.3.00.05
-
cpe:2.3:a:oracle:application_express:5.1.4
-
cpe:2.3:a:oracle:application_express:5.1.4.00.08
-
cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0
-
cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0
-
cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2
-
cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0
-
cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1
-
cpe:2.3:a:oracle:banking_enterprise_default_managment:*
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:-
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1.5
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.0.0
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.0
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2
-
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.0
-
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:-
-
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56
-
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57
-
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58
-
cpe:2.3:a:oracle:siebel_apps_-_customer_order_management:*
-
cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0
-
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0
-
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32