A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-07T00:02:27
Updated: 2024-08-04T10:26:15.821Z
Reserved: 2020-02-19T00:00:00
Link: CVE-2020-9281
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-03-07T01:15:15.517
Modified: 2024-11-21T05:40:20.923
Link: CVE-2020-9281
Redhat
No data.