CVE-2020-9281
07.03.2020, 01:15
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
| Vendor | Product | Version |
|---|---|---|
| ckeditor | ckeditor | 4.0 ≤ 𝑥 < 4.14 |
| drupal | drupal | 8.7.0 ≤ 𝑥 < 8.7.12 |
| drupal | drupal | 8.8.0 ≤ 𝑥 < 8.8.4 |
| oracle | agile_plm | 9.3.5 |
| oracle | agile_plm | 9.3.6 |
| oracle | application_express | 𝑥 < 20.2 |
| oracle | jd_edwards_enterpriseone_tools | 𝑥 < 9.2.5.2 |
| oracle | peoplesoft_enterprise_peopletools | - |
| oracle | peoplesoft_enterprise_peopletools | 8.56 |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| oracle | siebel_apps_-_customer_order_management | 𝑥 < 21.0 |
| oracle | webcenter_portal | 11.1.1.9.0 |
| oracle | webcenter_portal | 12.2.1.3.0 |
| oracle | webcenter_portal | 12.2.1.4.0 |
| oracle | banking_enterprise_default_management | 2.6.2 |
| oracle | banking_enterprise_default_management | 2.7.0 |
| oracle | banking_enterprise_default_management | 2.7.1 |
| oracle | banking_enterprise_default_management | 2.10.0 |
| oracle | banking_enterprise_default_management | 2.12.0 |
| oracle | banking_enterprise_default_managment | 2.3.0 ≤ 𝑥 ≤ 2.4.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References