← Back

CVE-2020-27193

nvd nist
Published: Nov 12, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

Affected (23)

Ckeditor
1 product
Ckeditor
Oracle
8 products
Agile Plm
Application Express
Banking Party Management
Banking Platform
Commerce Merchandising
Financial Services Analytical Applications Infrastructure
Jd Edwards Enterpriseone Tools
Peoplesoft Enterprise Peopletools
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ckeditor
Version 4.15.0
Configuration B
22 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Agile Plm
Version 9.3.5
Agile Plm
Version 9.3.6
Application Express
Before 21.1.0.00.01
Banking Party Management
Version 2.7.0
Oracle
Banking Platform
Version 2.4.0
Banking Platform
Version 2.7.0
Banking Platform
Version 2.7.1
Banking Platform
Version 2.8.0
Banking Platform
Version 2.9.0
Oracle
Commerce Merchandising
Version 11.0.0
Commerce Merchandising
Version 11.1.0
Commerce Merchandising
Version 11.2.0
Commerce Merchandising
Version 11.3.0
Commerce Merchandising
Version 11.3.1
Commerce Merchandising
Version 11.3.2
Oracle
Financial Services Analytical Applications Infrastructure
From 8.0.6 to 8.0.9
Financial Services Analytical Applications Infrastructure
Version 8.1.0
Financial Services Analytical Applications Infrastructure
Version 8.1.1
Jd Edwards Enterpriseone Tools
Before 9.2.6.0
Oracle
Peoplesoft Enterprise Peopletools
Version 8.56
Peoplesoft Enterprise Peopletools
Version 8.57
Peoplesoft Enterprise Peopletools
Version 8.58

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.