CVE-2020-27193.yml
---
gem: ckeditor
cve: 2020-27193
ghsa: 4m44-5j2g-xf64
url: https://ckeditor.com/blog/CKEditor-4.15.1-with-a-security-patch-released/
title: Improper Neutralization of Input During Web Page Generation in CKEditor4
date: 2022-05-24
description: |
  A cross-site scripting (XSS) vulnerability in the Color Dialog plugin
  for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading
  a user to copy and paste crafted HTML code into one of editor inputs.
cvss_v3: 6.1
patched_versions:
  - ">= 5.1.2"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-27193
    - https://ckeditor.com/blog/CKEditor-4.15.1-with-a-security-patch-released/
    - https://ckeditor.com/cke4/release/CKEditor-4.15.1
    - https://ckeditor.com/ckeditor-4/download/
    - https://www.oracle.com//security-alerts/cpujul2021.html
    - https://www.oracle.com/security-alerts/cpuApr2021.html
    - https://www.oracle.com/security-alerts/cpuoct2021.html
    - https://github.com/advisories/GHSA-4m44-5j2g-xf64