A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
{ "binaries": [ { "binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm1", "binary_name": "ckeditor" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1", "binary_name": "ckeditor" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "4.12.1+dfsg-1ubuntu0.1", "binary_name": "ckeditor" } ], "availability": "No subscription required" }