The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2021-6076 Related Report None Severity MEDIUM Exploit Difficulty Difficult Platform Affects all platforms supported by the vulnerable versions. Description HTML Injection. A malicious editor can save specially crafted content that is later loaded as WYSIWYG editor content by an unsuspecting user editing the same page, and if the second user opens certain editor dialogs while having that content selected, the content can be displayed to the user unescaped.
Discovered April 28, 2021 Resolved May 3, 2021 Patches Available 4.1.1 Patch Level 4
4.1.0 Patch Level 6
4.1.0 RC 3 Patch Level 8
This page has been seen 135,733 times.
-
-
Created by on
-