CKEditor 4.0 vulnerability in the HTML Data Processor

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

GHSA-VCJF-MGCG-JXJQ CKEditor 4.0 vulnerability in the HTML Data Processor

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

Cross-site Scripting (XSS)

ckeditor4 is vulnerable to cross-site scripting XSS. The attack exists because HTML Data Processor does not discard the comment with ckeprotected syntax, allowing an attacker to inject malicious script with that syntax...

CKEditor cross-site scripting vulnerability (CNVD-2020-16705)

CKEditor is an open source WYSIWYG text editor specialized for use on web pages. A cross-site scripting vulnerability exists in the "HTML Data Processor" in CKEditor. The vulnerability can be exploited by remote attackers to inject arbitrary web scripts via specially crafted "protected" comments...

CVE-2020-9281

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

CVE-2020-9281

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

Cross site scripting

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

CVE-2020-9281

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

CVE-2020-9281

CVE-2020-9281 is an XSS in CKEditor’s HTML Data Processor that allows remote script execution via a crafted protected comment (CKEditor syntax cke_protected). Affected are CKEditor 4.0–before 4.14. IBM DOORS/DOORS Web Access bullets include this CVE and note remediation: upgrade to CKEditor 4.17....

PT-2020-4408 · Cksource +2 · Ckeditor +2

Name of the Vulnerable Software and Affected Versions: CKEditor versions 4.0 through 4.14 Description: A cross-site scripting XSS issue exists due to insufficient input validation in the HTML Data Processor for CKEditor. This allows remote attackers to inject arbitrary web script through a crafte...