CVE-2020-27193
https://notcve.org/view.php?id=CVE-2020-27193
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin Color Dialog para CKEditor versión 4.15.0, permite a atacantes remotos ejecutar script web arbitrario después de persuadir a un usuario para que copie y pegue código HTML diseñado en una de las entradas del editor • https://ckeditor.com/blog/CKEditor-4.15.1-with-a-security-patch-released https://ckeditor.com/cke4/release/CKEditor-4.15.1 https://ckeditor.com/ckeditor-4/download https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuoct2021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-9440
https://notcve.org/view.php?id=CVE-2020-9440
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor. Una vulnerabilidad de tipo cross-site scripting (XSS) en el pluging WSC versiones hasta la versión 5.5.7.5 para CKEditor 4, permite a atacantes remotos ejecutar script web arbitrario dentro de un elemento IFRAME mediante la inyección de un elemento HTML especialmente diseñado en el editor. • https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-9281
https://notcve.org/view.php?id=CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). Una vulnerabilidad de tipo cross-site scripting (XSS) en el HTML Data Processor for CKEditor versiones 4.0 anteriores a 4.14, permite a atacantes remotos inyectar script web arbitrario por medio de un comentario "protected" diseñado (con la sintaxis cke_protected). • https://github.com/ckeditor/ckeditor4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-17960
https://notcve.org/view.php?id=CVE-2018-17960
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. CKEditor en versiones 4.x anteriores a la 4.11.0 permite Cross-Site Scripting (XSS) ayudado por un usuario relacionado con una operación de pegado en modo origen. • http://www.securityfocus.com/bid/109205 https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released https://ckeditor.com/cke4/release/CKEditor-4.11.0 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-9349 – CKEditor for WordPress <= 4.5.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9349
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser. El plugin ckeditor-for-wordpress antes de 4.5.3.1 para WordPress ha reflejado XSS en el navegador de archivos "built-in (old)". The CKEditor plugin before 4.5.3.1 for WordPress has reflected XSS in the built-in (old) file browser. • https://wordpress.org/plugins/ckeditor-for-wordpress/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •