Unknown · CKEditor 4 · CVE-2021-33829
**Name of the Vulnerable Software and Affected Versions**
CKEditor 4 versions 4.14.0 through 4.16.x
**Description**
A cross-site scripting (XSS) vulnerability in the HTML Data Processor allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled. This issue may allow a remote attacker to impact data integrity.
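
The mismatch behind this class of bug can be checked for in stored editor content. The following is an added example, not CKEditor's code: it compares where a processor that recognises only `-->` would end each comment (an assumed model of the mishandling) with where the HTML Standard tokenizer ends it, and reports the markup that falls in between. The function names and the sample input are constructed for illustration.

```javascript
// Added example. Assumption: the "naive" processor ends comments only at "-->".
// The HTML Standard tokenizer also ends a comment at "--!>" (a parse error, but
// still a close), and abruptly closes "<!-->" and "<!--->".
// Heuristic scanner: "<!--" inside <script>, <style> or <textarea> is not a
// comment and would need a full parser to exclude.

function specCommentEnd(html, bodyStart) {
  if (html.startsWith('>', bodyStart)) return bodyStart + 1;   // "<!-->"
  if (html.startsWith('->', bodyStart)) return bodyStart + 2;  // "<!--->"
  const ends = ['-->', '--!>']
    .map((tok) => [html.indexOf(tok, bodyStart), tok.length])
    .filter(([idx]) => idx !== -1)
    .map(([idx, len]) => idx + len);
  return ends.length ? Math.min(...ends) : html.length; // unterminated: to EOF
}

function naiveCommentEnd(html, bodyStart) {
  const idx = html.indexOf('-->', bodyStart);
  return idx === -1 ? html.length : idx + 3;
}

// Returns one finding per comment where the two parsers disagree.
// "exposed" is markup the naive parser treats as comment text but a
// browser parses as live HTML.
function findCommentMismatches(html) {
  const findings = [];
  let pos = 0;
  while ((pos = html.indexOf('<!--', pos)) !== -1) {
    const bodyStart = pos + 4;
    const specEnd = specCommentEnd(html, bodyStart);
    const naiveEnd = naiveCommentEnd(html, bodyStart);
    if (specEnd !== naiveEnd) {
      findings.push({ offset: pos, exposed: html.slice(specEnd, naiveEnd) });
    }
    pos = specEnd; // resume where a browser would resume parsing
  }
  return findings;
}

// Constructed sample: one ordinary comment, one closed with "--!>".
const sample = [
  '<p>ok</p><!-- ordinary comment -->',
  '<!-- note --!><b>rendered by the browser</b> -->',
].join('\n');

console.log(findCommentMismatches(sample));
```

Any finding means a sanitizer or data processor working on the naive view would skip content that the browser renders, so such documents should be re-sanitized with a spec-compliant parser.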
**Recommendations**
For CKEditor 4 versions 4.14.0 through 4.16.x, update to version 4.16.1 or later to resolve the issue. As a temporary workaround, consider disabling the HTML Data Processor feature until a patch is available. Restrict access to the HTML Data Processor module to minimize the risk of exploitation. Avoid using crafted comments in the affected module until the issue is resolved.