IBM OpenPages GRC Platform has addressed CKEditor (Preview Plugin) vulnerability (CVE-2014-5191)
CVEID: CVE-2014-5191 DESCRIPTION: Preview Plugin for CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victimβs Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victimβs cookie-based authentication credentials.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95197> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
IBM OpenPages GRC Platform versions 7.3 through 8.0
A fix has been created for each affected version of the named product. Download and install the fix as soon as possible. Fixes and installation instructions are provided at the URLs listed below:
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM OpenPages GRC Platform 8.0 | ||
8.0.0.2 | <https://www.ibm.com/support/docview.wss?uid=ibm10744175> | |
IBM OpenPages GRC Platform7.3.0 | ||
7.3.0.3 | <https://www.ibm.com/support/docview.wss?uid=ibm10794867> |
None known, apply fixes.