CVE-2020-9281
Published 2020-03-07
Medium, 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Affected
35 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ckeditor | ckeditor | >= 0 < 4.5.7+dfsg-2ubuntu0.18.04.1 | 4.5.7+dfsg-2ubuntu0.18.04.1 |
| ckeditor | ckeditor | >= 0 < 4.12.1+dfsg-1ubuntu0.1 | 4.12.1+dfsg-1ubuntu0.1 |
| ckeditor | ckeditor | >= 0 < 4.5.7+dfsg-2ubuntu0.16.04.1~esm1 | 4.5.7+dfsg-2ubuntu0.16.04.1~esm1 |
| ckeditor | ckeditor | >= 4.0 < 4.14 | 4.14 |
| ckeditor | ckeditor4 | >= 0 < 4.14.0 | 4.14.0 |
| drupal | drupal | >= 8.7.0 < 8.7.12 | 8.7.12 |
| drupal | drupal | >= 8.8.0 < 8.8.4 | 8.8.4 |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | 6.0.0 – 6.2.9 | — |
| fortinet | fortianalyzer | 6.4.0 – 6.4.8 | — |
| fortinet | fortianalyzer | 7.0.0 – 7.0.4 | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | 6.0.0 – 6.2.9 | — |
| fortinet | fortimanager | 6.4.0 – 6.4.8 | — |
| fortinet | fortimanager | 7.0.0 – 7.0.4 | — |
| oracle | agile_plm | — | — |
| oracle | agile_plm | — | — |
| oracle | application_express | < 20.2 | 20.2 |
| oracle | banking_enterprise_default_management | — | — |
| oracle | banking_enterprise_default_management | — | — |
| oracle | banking_enterprise_default_management | — | — |
| oracle | banking_enterprise_default_management | — | — |
CVSS provenance
nvd: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv: 6.1 MEDIUM