Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5191
Reference (s):
- BID:69161
- URL: http://www.securityfocus.com/bid/69161
- http://ckeditor.com/node/136981
- SECUNIA:60036
- URL: http://secunia.com/advisories/60036