CVE-2020-27193
- Source
- https://cve.org/CVERecord?id=CVE-2020-27193
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27193.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-27193
- Aliases
- Published
- 2020-11-12T21:15:11.107Z
- Modified
- 2026-04-10T04:25:34.993917Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
- References
-
- https://ckeditor.com/blog/CKEditor-4.15.1-with-a-security-patch-released/
- https://ckeditor.com/cke4/release/CKEditor-4.15.1
- https://ckeditor.com/ckeditor-4/download/
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
Affected packages
Git / github.com/ckeditor/ckeditor-releases
Affected versions
4.*
4.0.1/standard
4.0/standard
4.1.1/standard
4.1.2/standard
4.1.3/standard
4.1/standard
4.1rc/standard
4.2.1/standard
4.2.2/standard
4.2.3/standard
4.2/standard
4.3.0/standard
4.3.1/standard
4.3.2/standard
standard/4.*
standard/4.10.0
standard/4.10.1
standard/4.11.0
standard/4.11.1
standard/4.11.2
standard/4.11.3
standard/4.11.4
standard/4.12.0
standard/4.12.1
standard/4.13.0
standard/4.13.1
standard/4.14.0
standard/4.14.1
standard/4.15.0
standard/4.3.3
standard/4.3.4
standard/4.3.5
standard/4.4.0
standard/4.4.1
standard/4.4.2
standard/4.4.3
standard/4.4.4
standard/4.4.5
standard/4.4.6
standard/4.4.7
standard/4.4.8
standard/4.5.0
standard/4.5.1
standard/4.5.10
standard/4.5.11
standard/4.5.2
standard/4.5.3
standard/4.5.4
standard/4.5.5
standard/4.5.6
standard/4.5.7
standard/4.5.8
standard/4.5.9
standard/4.6.0
standard/4.6.1
standard/4.6.2
standard/4.7.0
standard/4.7.1
standard/4.7.2
standard/4.7.3
standard/4.8.0
standard/4.9.0
standard/4.9.1
standard/4.9.2
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "21.1.0.00.01"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.7.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.3.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.3.2"
}
]
},
{
"events": [
{
"introduced": "8.0.6"
},
{
"last_affected": "8.0.9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.2.6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.56"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.57"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.58"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27193.json"