Description
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Remediation
References
Related Vulnerabilities
WordPress Plugin WP TripAdvisor Review Slider Cross-Site Scripting (11.8)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Scripting (4.0.4)
WordPress Plugin ZTR Zeumic Work Timer Multiple Unspecified Vulnerabilities (1.0.6)
Oracle Database Server CVE-2020-2511 Vulnerability (CVE-2020-2511)