CVE-2020-27193
published 2020-11-12CVE-2020-27193: A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ckeditor | ckeditor | — | — |
| ckeditor | ckeditor4 | >= 0 < 4.15.1 | 4.15.1 |
| oracle | agile_plm | — | — |
| oracle | agile_plm | — | — |
| oracle | application_express | < 21.1.0.00.01 | 21.1.0.00.01 |
| oracle | banking_party_management | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | commerce_merchandising | — | — |
| oracle | commerce_merchandising | — | — |
| oracle | commerce_merchandising | — | — |
| oracle | commerce_merchandising | — | — |
| oracle | commerce_merchandising | — | — |
| oracle | commerce_merchandising | — | — |
| oracle | financial_services_analytical_applications_infrastructure | — | — |
| oracle | financial_services_analytical_applications_infrastructure | — | — |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.6 – 8.0.9 | — |
| oracle | jd_edwards_enterpriseone_tools | < 9.2.6.0 | 9.2.6.0 |
| oracle | peoplesoft_enterprise_peopletools | — | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |