CVE-2017-14197
Squiz Matrix WYSIWYG plugin is affected by multiple reflected XSS issues. Affected: Matrix WYSIWYG plugins in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Impact: remote attacker can inject arbitrary web script or HTML. Remediation: upgrade to 5.3.6.1 or 5.4.1.3 (or newer) where fixed.