CVE-2020-27193
12.11.2020, 21:15
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
| Vendor | Product | Version |
|---|---|---|
| ckeditor | ckeditor | 4.15.0 |
| oracle | agile_plm | 9.3.5 |
| oracle | agile_plm | 9.3.6 |
| oracle | application_express | 𝑥 < 21.1.0.00.01 |
| oracle | banking_party_management | 2.7.0 |
| oracle | banking_platform | 2.4.0 |
| oracle | banking_platform | 2.7.0 |
| oracle | banking_platform | 2.7.1 |
| oracle | banking_platform | 2.8.0 |
| oracle | banking_platform | 2.9.0 |
| oracle | commerce_merchandising | 11.0.0 |
| oracle | commerce_merchandising | 11.1.0 |
| oracle | commerce_merchandising | 11.2.0 |
| oracle | commerce_merchandising | 11.3.0 |
| oracle | commerce_merchandising | 11.3.1 |
| oracle | commerce_merchandising | 11.3.2 |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.6 ≤ 𝑥 ≤ 8.0.9 |
| oracle | financial_services_analytical_applications_infrastructure | 8.1.0 |
| oracle | financial_services_analytical_applications_infrastructure | 8.1.1 |
| oracle | jd_edwards_enterpriseone_tools | 𝑥 < 9.2.6.0 |
| oracle | peoplesoft_enterprise_peopletools | 8.56 |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
𝑥
= Vulnerable software versions
References