Ckeditor: >> Ckeditor >> 4.5.2 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
CVSS Score
6.1
EPSS Score
0.007
Published
2020-03-07
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVSS Score
6.1
EPSS Score
0.015
Published
2018-11-14
Page 2