Description CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. Remediation References CVE-2018-17960 Related Vulnerabilities WordPress Plugin mTouch Quiz Multiple Vulnerabilities (3.1.2) Magento Insufficient Session Expiration Vulnerability (CVE-2021-21032) WordPress Plugin Soundy Background Music Cross-Site Scripting (3.1) WordPress Plugin Gallery Objects SQL Injection (0.4) Oracle JRE CVE-2019-2981 Vulnerability (CVE-2019-2981) Severity Medium Classification CVE-2018-17960 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities