CVE-2020-9281 vulnerability in Ckeditor and Other Products
Published on March 7, 2020

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2020-9281

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-9281 are published in these products:

Ckeditor

Fedora Project Fedora

Drupal

Oracle Agile Product Lifecycle Management

Oracle Application Express

Oracle Banking Platform

Oracle Commerce Merchandising

Oracle Jd Edwards Enterpriseone Tools

Oracle Peoplesoft Enterprise Peopletools

Oracle Siebel Customer Order Management

Oracle Webcenter Portal

Oracle Agile Plm

Oracle Siebel Apps Customer Order Management

Oracle Banking Enterprise Default Managment

Canonical Ubuntu Linux

Oracle Banking Enterprise Default Management

Exploit Probability

EPSS

1.19%

Percentile

78.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-9281 vulnerability in Ckeditor and Other ProductsPublished on March 7, 2020

Products Associated with CVE-2020-9281

Exploit Probability

CVE-2020-9281 vulnerability in Ckeditor and Other Products
Published on March 7, 2020