CVE-2020-27193

Cross-site Scripting in npm/ckeditor4

Identifier

CVE-2020-27193

Package Slug

npm/ckeditor4

Vulnerability

Cross-site Scripting

Description

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEdit allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

Affected Versions

Version 4.15.0

Solution

Upgrade to version 4.15.1 or above.

Last Modified

2020-11-18

source