First published: Sat Mar 07 2020(Updated: )
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ckeditor Ckeditor | >=4.0<4.14 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Drupal Drupal | >=8.7.0<8.7.12 | |
Drupal Drupal | >=8.8.0<8.8.4 | |
Oracle Agile PLM | =9.3.5 | |
Oracle Agile PLM | =9.3.6 | |
Oracle Application Express | <20.2 | |
Oracle Jd Edwards Enterpriseone Tools | <9.2.5.2 | |
Oracle PeopleSoft Enterprise PeopleTools | ||
Oracle PeopleSoft Enterprise PeopleTools | =8.56 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle Siebel Apps - Customer Order Management | <21.0 | |
Oracle WebCenter Portal | =11.1.1.9.0 | |
Oracle WebCenter Portal | =12.2.1.3.0 | |
Oracle WebCenter Portal | =12.2.1.4.0 | |
Oracle Banking Enterprise Default Management | =2.6.2 | |
Oracle Banking Enterprise Default Management | =2.7.0 | |
Oracle Banking Enterprise Default Management | =2.7.1 | |
Oracle Banking Enterprise Default Management | =2.10.0 | |
Oracle Banking Enterprise Default Management | =2.12.0 | |
Oracle Banking Enterprise Default Managment | >=2.3.0<=2.4.0 | |
IBM IBM® Engineering Requirements Management DOORS | <=9.7.2.7 | |
IBM IBM® Engineering Requirements Management DOORS Web Access | <=9.7.2.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.