Description
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.
Remediation
References
Related Vulnerabilities
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1000861)
Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0473)
WordPress Plugin Google Maps by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (1.2.1)