EPSS
Percentile
56.9%
CKEditor is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victimβs browser to steal session tokens or perform unwanted actions on behalf of the user.
ckeditor.com/node/136981
secunia.com/advisories/60036
www.securityfocus.com/bid/69161