PT-2021-4279
Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions 4.14.0 through 4.16.x. Description: A cross-site scripting (XSS) vulnerability in the HTML Data Processor allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled. This...
GHSA-VCJF-MGCG-JXJQ CKEditor 4.0 vulnerability in the HTML Data Processor
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax)...
CKEditor 4.0 vulnerability in the HTML Data Processor
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax)...
Cross-site Scripting (XSS)
ckeditor4 is vulnerable to cross-site scripting (XSS). The attack exists because the HTML Data Processor does not discard comments with the cke_protected syntax, allowing an attacker to inject malicious script with that syntax...
CKEditor cross-site scripting vulnerability (CNVD-2020-16705)
CKEditor is an open source WYSIWYG text editor specialized for use on web pages. A cross-site scripting vulnerability exists in the "HTML Data Processor" in CKEditor. The vulnerability can be exploited by remote attackers to inject arbitrary web scripts via specially crafted "protected" comments...
CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax)...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax)...
CVE-2020-9281
CVE-2020-9281 is an XSS in CKEditor’s HTML Data Processor that allows remote script execution via a crafted protected comment (CKEditor syntax cke_protected). Affected are CKEditor 4.0–before 4.14. IBM DOORS/DOORS Web Access bullets include this CVE and note remediation: upgrade to CKEditor 4.17....
PT-2020-4408 · Cksource +2 · Ckeditor +2
Name of the Vulnerable Software and Affected Versions: CKEditor versions 4.0 through 4.14. Description: A cross-site scripting (XSS) issue exists due to insufficient input validation in the HTML Data Processor for CKEditor. This allows remote attackers to inject arbitrary web script through a crafte...
Invision Power Board Cross-Site Scripting Vulnerability
Invision Power Board is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2007-4999
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996...
CVE-2007-1840
lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS)...