CVE-2018-17960: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
References
- ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/
- ckeditor.com/cke4/release/CKEditor-4.11.0
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml
- github.com/advisories/GHSA-g68x-vvqq-pvw3
- nvd.nist.gov/vuln/detail/CVE-2018-17960
- typo3.org/security/advisory/typo3-core-sa-2018-005
- web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205
- www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Code Behaviors & Features
Detect and mitigate CVE-2018-17960 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →