PT-2020-5988 · Cksource · Ckeditor

Published: 2020-11-09 · Updated: 2022-05-24 · CVE-2020-27193

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: CKEditor version 4.15.0

Description: A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs. The issue stems from a lack of protection measures for the web page structure, which a remote attacker can exploit to conduct cross-site scripting attacks by uploading specially crafted HTML code.
Recommendations: For CKEditor version 4.15.0, consider disabling the Color Dialog plugin until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the editor inputs to minimize the risk of arbitrary web script execution. Avoid allowing users to copy and paste crafted HTML code into the editor inputs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
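The following is an added example, not part of this advisory and not CKSource's own code. It shows how the first recommendation above (disabling the Color Dialog plugin) can be applied to a CKEditor 4 configuration object, together with a small audit check that a deployment review can run over an existing config. It assumes CKEditor 4's `config.removePlugins` and `config.extraPlugins` settings, which are comma-separated plugin lists, and that the Color Dialog plugin's id is `colordialog`; the `baseConfig` sample at the bottom is constructed for illustration.

```javascript
// Added example (not from the advisory or from CKSource): apply the advisory's
// workaround of disabling the Color Dialog plugin in a CKEditor 4 config, and
// check a deployed config for the same condition.
//
// Assumptions: CKEditor 4 reads config.removePlugins and config.extraPlugins as
// comma-separated plugin-name strings, and the Color Dialog plugin id is
// "colordialog".

const COLOR_DIALOG_PLUGIN = "colordialog";

// Split a CKEditor comma-separated plugin list into a trimmed, non-empty array.
function parsePluginList(value) {
  if (!value) return [];
  return String(value)
    .split(",")
    .map((name) => name.trim())
    .filter(Boolean);
}

// Return a copy of `config` with colordialog added to removePlugins and
// dropped from extraPlugins, so the two settings do not contradict each other.
function withoutColorDialog(config = {}) {
  const removed = new Set(parsePluginList(config.removePlugins));
  removed.add(COLOR_DIALOG_PLUGIN);
  const extra = parsePluginList(config.extraPlugins).filter(
    (name) => name !== COLOR_DIALOG_PLUGIN
  );
  const hardened = { ...config, removePlugins: [...removed].join(",") };
  if (extra.length > 0) {
    hardened.extraPlugins = extra.join(",");
  } else {
    delete hardened.extraPlugins;
  }
  return hardened;
}

// Audit check for a deployed config: true only when colordialog is listed in
// removePlugins and is not simultaneously re-added via extraPlugins.
function isColorDialogDisabled(config = {}) {
  const removed = parsePluginList(config.removePlugins);
  const extra = parsePluginList(config.extraPlugins);
  return removed.includes(COLOR_DIALOG_PLUGIN) && !extra.includes(COLOR_DIALOG_PLUGIN);
}

// Constructed sample: a config that still loads the vulnerable plugin.
const baseConfig = {
  removePlugins: "elementspath",
  extraPlugins: "colordialog,uploadimage",
};

// In a page this object would be passed as the second argument of
// CKEDITOR.replace("editor1", hardenedConfig).
const hardenedConfig = withoutColorDialog(baseConfig);
```

The check deliberately treats a config that names `colordialog` in both lists as not disabled, since a reviewer should flag that contradiction rather than trust one setting over the other.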

XSS


Weakness Enumeration

Related Identifiers

BDU:2021-02352
CVE-2020-27193
GHSA-4M44-5J2G-XF64

Affected Products

Ckeditor