CKEditor 4.0.1 cross-site scripting vulnerability