ckeditor4 is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser via the Color History feature.
CPE | Name | Operator | Version |
---|---|---|---|
ckeditor4 | eq | 4.15.0 | |
ckeditor4-dev | eq | 4.15.0 | |
ckeditor4 | eq | 4.15.0 | |
ckeditor4-dev | eq | 4.15.0 |