Description
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Remediation
References
Related Vulnerabilities
Magento CVE-2019-8121 Vulnerability (CVE-2019-8121)
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823)
WordPress Plugin Easy PayPal Gift Certificate Multiple Vulnerabilities (1.2.3)
WordPress Plugin Events Manager 'events-manager.php' SQL Injection (2.1)