Prophaze WAF Blog

CKEditor was found with cross site scripting vulnerability - Cloud WAF

Written by Rajaneesh | Jul 23, 2019 8:17:30 AM

CKEditor was found to be prone to cross site scripting vulnerability. It would fail to sanitise user inputs properly. An attacker may make use of this vulnerability to execute arbitrary script code in the browser of a user. They will be doing so in the context of the affected site .This may also allow the attacker to steal cookie based authentication credentials. This can also enable them to also launch other such attacks easily.

Affected version :-

Oracle PeopleSoft Enterprise PeopleTools 8.57
Oracle PeopleSoft Enterprise PeopleTools 8.56
Oracle PeopleSoft Enterprise PeopleTools 8.55
Drupal Drupal 8.5.1
Drupal Drupal 8.5
Drupal Drupal 8.4.6
Drupal Drupal 8.4.5
Drupal Drupal 8.4.4
Drupal Drupal 8.4.3
Drupal Drupal 8.4.2
Drupal Drupal 8.4.1
Drupal Drupal 8.4
Drupal Drupal 8.3.9
Drupal Drupal 8.3.8
Drupal Drupal 8.3.7
Drupal Drupal 8.3.6
Drupal Drupal 8.3.5
Drupal Drupal 8.3.4
Drupal Drupal 8.3.3
Drupal Drupal 8.3.2
Drupal Drupal 8.3.1
Drupal Drupal 8.2.8
Drupal Drupal 8.2.7
Drupal Drupal 8.2.3
Drupal Drupal 8.2.2
Drupal Drupal 8.2.1
Drupal Drupal 8.2
Drupal Drupal 8.1.10
Drupal Drupal 8.1.9
Drupal Drupal 8.1.8
Drupal Drupal 8.0.4
Drupal Drupal 8.0.3
Drupal Drupal 8.0.2
Drupal Drupal 8.0.1
Drupal Drupal 8.1.7
Drupal Drupal 8.1.6
Drupal Drupal 8.1.5
Drupal Drupal 8.1.4
Drupal Drupal 8.1.3
Drupal Drupal 8.1.0
Drupal Drupal 8.0
Ckeditor Ckeditor 4.9.1
Ckeditor Ckeditor 4.9
Ckeditor Ckeditor 4.8
Ckeditor Ckeditor 4.7.3
Ckeditor Ckeditor 4.7.2
Ckeditor Ckeditor 4.7.1
Ckeditor Ckeditor 4.7
Ckeditor Ckeditor 4.6.2
Ckeditor Ckeditor 4.6.1
Ckeditor Ckeditor 4.6
Ckeditor Ckeditor 4.5.11
Ckeditor Ckeditor 4.5.10