CKEditor vulnerability 

Issue date: 06-07-2021
Affects versions: 14.5, 13.4, 12.6

Security Issue ID

SECURITY-214

 

Affected Product Version(s)

14.5.1, 12.6.15, 13.4.8 and previous releases.

Severity 

medium

Description

An XSS vulnerability in the Color History feature was found in CKEditor v4.15 and below. See release notes.

 

Instructions

Customers using the 12.x, 13.x and 14.x major versions are recommended to upgrade to the latest version in that series.