Description
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
Remediation
References
Related Vulnerabilities
Coppermine Multiple Cross-site Scripting (XSS) Vulnerabilities (CVE-2015-6528)
WordPress Plugin Import and export users and customers Cross-Site Scripting (1.12)
Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626)
Squid Uncontrolled Resource Consumption Vulnerability (CVE-2021-46784)