CKEditor 4.5.11 < 4.9.2 Enhanced Image Plugin XSS
Medium Nessus Plugin ID 109403
Synopsis
The remote web server hosts a script that is affected by a cross-site scripting vulnerability.
Description
The version of CKEditor installed on the remote host is affected by a cross-site scripting vulnerability.
The included 'Enhanced Image' plugin causes CKEditor to fail to properly sanitize user-supplied input. A remote, unauthenticated attacker can leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.
Solution
Upgrade to CKEditor version 4.9.2 or later.
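As an added example (not Tenable's plugin code), the following Python check reads the version string out of a served ckeditor.js and reports whether it falls in the affected range 4.5.11 up to, but not including, 4.9.2. It assumes the minified CKEditor 4 build embeds its version as version:"x.y.z" (or version="x.y.z"); the sample input is constructed.

```python
import re
from typing import Optional, Tuple

# Affected range from the advisory: 4.5.11 <= version < 4.9.2.
AFFECTED_MIN = (4, 5, 11)
FIXED = (4, 9, 2)

# Assumption: CKEditor 4's ckeditor.js carries its version as
# version:"4.x.y" (object literal) or version="4.x.y" (assignment).
VERSION_RE = re.compile(r'version\s*[:=]\s*"(\d+(?:\.\d+)*)"')


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.9.2' into (4, 9, 2) so tuples compare numerically."""
    return tuple(int(part) for part in text.split("."))


def extract_version(js_source: str) -> Optional[str]:
    """Return the embedded version string, or None if not found."""
    match = VERSION_RE.search(js_source)
    return match.group(1) if match else None


def is_affected(version: str) -> bool:
    """True when the version lies in [4.5.11, 4.9.2)."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def check_ckeditor_js(js_source: str) -> dict:
    """Summarise a ckeditor.js body: version found and whether it is affected.

    'affected' is None when no version could be extracted, so a missing
    match is never silently reported as safe."""
    version = extract_version(js_source)
    if version is None:
        return {"version": None, "affected": None}
    return {"version": version, "affected": is_affected(version)}


# Constructed sample imitating the start of a minified ckeditor.js build.
SAMPLE_JS = (
    'window.CKEDITOR||(window.CKEDITOR=function(){'
    'var a={timestamp:"ABCD",version:"4.8.0",revision:"0000000",'
    'rnd:Math.floor(900*Math.random())+100};return a}());'
)

if __name__ == "__main__":
    print(check_ckeditor_js(SAMPLE_JS))
```

Point it at the ckeditor.js your web server actually serves (fetch it, pass the body to check_ckeditor_js) to confirm the upgrade landed.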