A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
{ "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "ckeditor", "binary_version": "4.5.7+dfsg-2ubuntu0.16.04.1~esm1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "ckeditor", "binary_version": "4.5.7+dfsg-2ubuntu0.18.04.1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "ckeditor", "binary_version": "4.12.1+dfsg-1ubuntu0.1" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "ckeditor", "binary_version": "4.16.0+dfsg-2" } ] }