CVE-2020-9440
PUBLISHED
A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor.
EPSS 0.49% · 65.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | ckeditor | 0, *, 4.16.2+dfsg-1 |
| Ubuntu:Pro:20.04:LTS | ckeditor | 4.11.1+dfsg-1, 0, 4.12.1+dfsg-1ubuntu0.1+esm2 |
| Ubuntu:Pro:18.04:LTS | ckeditor | 4.5.7+dfsg-2ubuntu0.18.04.1+esm1, 0, 4.5.7+dfsg-2 |
| Ubuntu:Pro:16.04:LTS | ckeditor | 0, *, 4.5.7+dfsg-2ubuntu0.16.04.1~esm3 |
Timeline
- Mar 10, 2020 CVE Published
- Mar 29, 2020 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-9440 third-party-advisory
- https://ckeditor.com/blog/CKEditor-4.14-with-Paste-from-LibreOffice-released/#security-issues-fixed third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-9440 third-party-advisory