Description

Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2014-5191

Related Vulnerabilities

WebLogic CVE-2010-4453 Vulnerability (CVE-2010-4453)

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Arbitrary File Upload (2.0)

Oracle JRE CVE-2012-5075 Vulnerability (CVE-2012-5075)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9481)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.31)

Severity

Medium

Classification

CVE-2014-5191 CWE-707

Tags

Missing Update Known Vulnerabilities