6.1
CVE-2020-27193
- EPSS 0.91%
- Veröffentlicht 12.11.2020 21:15:11
- Zuletzt bearbeitet 21.11.2024 05:20:50
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Application Express Version < 21.1.0.00.01
Oracle ≫ Banking Party Management Version2.7.0
Oracle ≫ Banking Platform Version2.4.0
Oracle ≫ Banking Platform Version2.7.0
Oracle ≫ Banking Platform Version2.7.1
Oracle ≫ Banking Platform Version2.8.0
Oracle ≫ Banking Platform Version2.9.0
Oracle ≫ Commerce Merchandising Version11.0.0
Oracle ≫ Commerce Merchandising Version11.1.0
Oracle ≫ Commerce Merchandising Version11.2.0
Oracle ≫ Commerce Merchandising Version11.3.0
Oracle ≫ Commerce Merchandising Version11.3.1
Oracle ≫ Commerce Merchandising Version11.3.2
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.6 <= 8.0.9
Oracle ≫ Financial Services Analytical Applications Infrastructure Version8.1.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version8.1.1
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.6.0
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.56
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.91% | 0.738 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.