CVE-2020-9281: XSS
First published: Sat Mar 07 2020(Updated: )
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ckeditor Ckeditor | >=4.0<4.14 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Drupal Drupal | >=8.7.0<8.7.12 | |
| Drupal Drupal | >=8.8.0<8.8.4 | |
| Oracle Agile PLM | =9.3.5 | |
| Oracle Agile PLM | =9.3.6 | |
| Oracle Application Express | <20.2 | |
| Oracle Jd Edwards Enterpriseone Tools | <9.2.5.2 | |
| Oracle PeopleSoft Enterprise PeopleTools | ||
| Oracle PeopleSoft Enterprise PeopleTools | =8.56 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
| Oracle Siebel Apps - Customer Order Management | <21.0 | |
| Oracle WebCenter Portal | =11.1.1.9.0 | |
| Oracle WebCenter Portal | =12.2.1.3.0 | |
| Oracle WebCenter Portal | =12.2.1.4.0 | |
| Oracle Banking Enterprise Default Management | =2.6.2 | |
| Oracle Banking Enterprise Default Management | =2.7.0 | |
| Oracle Banking Enterprise Default Management | =2.7.1 | |
| Oracle Banking Enterprise Default Management | =2.10.0 | |
| Oracle Banking Enterprise Default Management | =2.12.0 | |
| Oracle Banking Enterprise Default Managment | >=2.3.0<=2.4.0 | |
| IBM IBM® Engineering Requirements Management DOORS | <=9.7.2.7 | |
| IBM IBM® Engineering Requirements Management DOORS Web Access | <=9.7.2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/ckeditor/ckeditor4
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/177488
- https://www.ibm.com/support/pages/node/6520510 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- agent/references
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/ckeditor
- canonical/ckeditor ckeditor
- version/ckeditor ckeditor/4.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/drupal
- canonical/drupal drupal
- version/drupal drupal/8.7.0
- version/drupal drupal/8.8.0
- vendor/oracle
- canonical/oracle agile plm
- version/oracle agile plm/9.3.5
- version/oracle agile plm/9.3.6
- canonical/oracle application express
- canonical/oracle jd edwards enterpriseone tools
- canonical/oracle peoplesoft enterprise peopletools
- version/oracle peoplesoft enterprise peopletools/8.56
- version/oracle peoplesoft enterprise peopletools/8.57
- version/oracle peoplesoft enterprise peopletools/8.58
- canonical/oracle siebel apps - customer order management
- canonical/oracle webcenter portal
- version/oracle webcenter portal/11.1.1.9.0
- version/oracle webcenter portal/12.2.1.3.0
- version/oracle webcenter portal/12.2.1.4.0
- canonical/oracle banking enterprise default management
- version/oracle banking enterprise default management/2.6.2
- version/oracle banking enterprise default management/2.7.0
- version/oracle banking enterprise default management/2.7.1
- version/oracle banking enterprise default management/2.10.0
- version/oracle banking enterprise default management/2.12.0
- canonical/oracle banking enterprise default managment
- version/oracle banking enterprise default managment/2.3.0
- version/oracle banking enterprise default managment/2.4.0