CVE-2018-17960
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/typo3/cms-core
Identifiers
GHSA-g68x-vvqq-pvw3, CVE-2018-17960
Package Slug
packagist/typo3/cms-core
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
Affected Versions
All versions starting from 8.0.0 before 8.7.21, all versions starting from 9.0.0 before 9.5.2
Solution
Upgrade to versions 8.7.21, 9.5.2 or above.
Last Modified
2024-02-05
| source |