Description
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
Release | Status | Note |
---|---|---|
bionic | released | 4.5.7+dfsg-2ubuntu0.18.04.1 |
devel | not-affected | 4.16.0+dfsg-2 |
esm-apps/bionic | released | 4.5.7+dfsg-2ubuntu0.18.04.1 |
esm-apps/focal | released | 4.12.1+dfsg-1ubuntu0.1 |
esm-apps/jammy | not-affected | 4.16.0+dfsg-2 |
esm-apps/xenial | released | 4.5.7+dfsg-2ubuntu0.16.04.1~esm1 |
esm-infra-legacy/trusty | DNE | |
focal | released | 4.12.1+dfsg-1ubuntu0.1 |
groovy | ignored | end of life, was needed |
hirsute | ignored | end of life |
EPSS
CVSS2: 4.3 Medium
CVSS3: 6.1 Medium
Related vulnerabilities
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...
A vulnerability in the CKEditor WYSIWYG editor, caused by a failure to take measures to protect the web page structure, that allows an attacker to affect data integrity