CKEditor Preview plug-in Cross-Site Scripting Vulnerability (CVE-2014-5191)
Release date:
Updated on:
Affected Systems:
Drupal CKEditor <4.4.3
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69161
CVE (CAN) ID: CVE-2014-5191
CKEditor is a WYSIWYG text editor used in webpages.
The Preview plug-in in CKEditor before 4.4.3 has a cross-site scripting vulnerability. Remote attackers can exploit this vulnerability to inject arbitrary web script or HTML.
<* Source: Mario Heiderich
Link: http://secunia.com/advisories/60036
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Drupal
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://ckeditor.com/node/136981