Oracle: >> Commerce Merchandising >> 11.0.0 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
CVSS Score
6.1
EPSS Score
0.009
Published
2020-11-12