CKEditor4 is vulnerable to Cross-site Scripting. The vulnerability is due to editor instances that have enabled full-page editing mode or enabled CDATA elements in the Advanced Content Filtering configuration (which defaults to script and style elements). This flaw allows an attacker to inject malformed HTML content that bypasses the Advanced Content Filtering mechanism, resulting in the execution of JavaScript…Read More