2 matches found
Improper Neutralization of Input During Web Page Generation in CKEditor4
A cross-site scripting XSS vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...
CVE-2020-27193
CVE-2020-27193 is an XSS in CKEditor 4.15.0 Color Dialog. A remote attacker can lure a user to paste crafted HTML into the editor, causing script execution in the user’s browser. The vulnerability is addressed by CKEditor 4.15.1 security patch; IBM/OSS bulletins also reference the fix. Affected p...