Page 4 of 18 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). Una vulnerabilidad de tipo cross-site scripting (XSS) en el HTML Data Processor for CKEditor versiones 4.0 anteriores a 4.14, permite a atacantes remotos inyectar script web arbitrario por medio de un comentario "protected" diseñado (con la sintaxis cke_protected). • https://github.com/ckeditor/ckeditor4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. CKEditor en versiones 4.x anteriores a la 4.11.0 permite Cross-Site Scripting (XSS) ayudado por un usuario relacionado con una operación de pegado en modo origen. • http://www.securityfocus.com/bid/109205 https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released https://ckeditor.com/cke4/release/CKEditor-4.11.0 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. El plugin ckeditor-for-wordpress antes de 4.5.3.1 para WordPress ha reflejado XSS en el navegador de archivos "built-in (old)". The CKEditor plugin before 4.5.3.1 for WordPress has reflected XSS in the built-in (old) file browser. • https://wordpress.org/plugins/ckeditor-for-wordpress/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •