A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
{ "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "ckeditor", "binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "ckeditor", "binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "ckeditor", "binary_version": "4.12.1+dfsg-1ubuntu0.1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "ckeditor", "binary_version": "4.16.2+dfsg-1" } ] }