Description
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability has been discovered in the core HTML processing module that may affect all plugins used by CKEditor 4. The vulnerability allowed malformed HTML comments to be injected in a way that bypasses content sanitization, which could result in the execution of JavaScript code. It affects all users of CKEditor 4 at versions < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
Remediation
References