Description
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Remediation
References
Related Vulnerabilities
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3313)
WordPress Plugin Adblock Blocker Arbitrary File Upload (0.0.1)
Drupal Incorrect Authorization Vulnerability (CVE-2022-25270)
Lodash Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-1010266)
CKEditor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-31541)