CVE-2020-9281

{"id": "CVE-2020-9281", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-03-07T01:15:15.517", "references": [{"url": "https://github.com/ckeditor/ckeditor4", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/", "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2022.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Not Applicable", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted \"protected\" comment (with the cke_protected syntax)."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el HTML Data Processor for CKEditor versiones 4.0 anteriores a 4.14, permite a atacantes remotos inyectar script web arbitrario por medio de un comentario \"protected\" dise\u00f1ado (con la sintaxis cke_protected)."}], "lastModified": "2023-11-07T03:26:50.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD2A80E8-E9A1-4C53-8CA1-7961EEBF5484", "versionEndExcluding": "4.14", "versionStartIncluding": "4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C94963F-9771-4519-8D82-4EE9430BF3E7", "versionEndExcluding": "8.7.12", "versionStartIncluding": "8.7.0"}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7974503-263F-4534-8895-DDF0866F0D61", "versionEndExcluding": "8.8.4", "versionStartIncluding": "8.8.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7"}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"}, {"criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96FC5AC6-88AC-4C4D-8692-7489D6DE8E16", "versionEndExcluding": "20.2"}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0F00658-CE6C-4198-BE33-435BD67761E5", "versionEndExcluding": "9.2.5.2"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35070A11-340A-449E-B5FA-B8769C5EA2A2"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"}, {"criteria": "cpe:2.3:a:oracle:siebel_apps_-_customer_order_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6443929-70D6-4C9A-AF95-EFFD34E388FC", "versionEndExcluding": "21.0"}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E"}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728"}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0FCD3BC-33D8-49D1-844B-6B9DE0CA4997"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "473749BD-267E-480F-8E7F-C762702DB66E"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05E4EB25-7B7A-4A10-A535-8C7CA4D6FEB6", "versionEndIncluding": "2.4.0", "versionStartIncluding": "2.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}