A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

**CKEditor 4 - Smart WYSIWYG HTML editor ![Tweet](https://camo.githubusercontent.com/90bc908826728c0e4261acfff5619fd732c7be2b2a00624fce6363c9a3623c90/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f75726c2f687474702f736869656c64732e696f2e7376673f7374796c653d736f6369616c)**

![npm version](https://camo.githubusercontent.com/a74916224d8c5c854c559dcd1473956a555f6bd2e5ed451687f47c1048c97ba2/68747470733a2f2f62616467652e667572792e696f2f6a732f636b656469746f72342e737667) ![GitHub tag](https://camo.githubusercontent.com/aeb2fade617177883af4eb69556739a55ef9ea63047515629147f3db52ce45a8/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f7461672f636b656469746f722f636b656469746f72342e737667)

![Build Status](https://camo.githubusercontent.com/68bdce6bfea947fd5b288ffa3953f6fbd88e2ef36d8b1061d11c71fe578704e4/68747470733a2f2f7472617669732d63692e6f72672f636b656469746f722f636b656469746f72342e7376673f6272616e63683d6d616a6f72) ![Dependencies](https://camo.githubusercontent.com/f2d524f4247996fe44d79bf3b8449f2fbdc8a4e6260ed8421884a62eb047d30a/68747470733a2f2f696d672e736869656c64732e696f2f64617669642f636b656469746f722f636b656469746f72342e737667) ![Dev dependencies](https://camo.githubusercontent.com/69284efef3b867d41971966ba2d4c50a9bc417754e9d4d4b6860c72fed9d64b7/68747470733a2f2f696d672e736869656c64732e696f2f64617669642f6465762f636b656469746f722f636b656469746f72342e737667)

![Join newsletter](https://camo.githubusercontent.com/01ff6ce05d0f19075844501a25eb14637df998b74094c49c5b67c36dfe76733e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6a6f696e2d6e6577736c65747465722d3030636339392e737667) ![Follow Twitter](https://camo.githubusercontent.com/c2e5acc723d61e54643c7a8b4199b07b201013cb069885d5f2a59abea728279c/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f666f6c6c6f772d747769747465722d3030636339392e737667)

A highly configurable WYSIWYG HTML editor with hundreds of features, from creating rich text content with captioned images, videos, tables, media embeds, emoji or mentions to pasting from Word and Google Docs and drag&drop image upload.

Supports a broad range of browsers, including legacy ones.

![CKEditor 4 screenshot](https://camo.githubusercontent.com/e8c69044950a03abb60e297378e3c0a465aafdf07d6504263bc65143e2f7fe16/68747470733a2f2f632e636b736f757263652e636f6d2f612f312f696d672f6e706d2f636b656469746f72342e706e67)

**Getting started****Using npm package**

npm install --save ckeditor

Use it on your website:

<div id\="editor"\>
    <p\>This is the editor content.</p\>
</div\>
<script src\="./node\_modules/ckeditor/ckeditor.js"\></script\>
<script\>
    CKEDITOR.replace( 'editor' );
</script\>

**Using CDN**

Load the CKEditor 4 script from CDN:

<div id\="editor"\>
    <p\>This is the editor content.</p\>
</div\>
<script src\="https://cdn.ckeditor.com/4.13.0/standard/ckeditor.js"\></script\>
<script\>
    CKEDITOR.replace( 'editor' );
</script\>

**Integrating with Angular, React and Vue.js**

Refer to official usage guides for the `ckeditor4-angular`, `ckeditor4-react` and `ckeditor4-vue` packages.

**Manual download**

Visit the CKEditor 4 download section on the CKEditor website to download ready-to-use CKEditor 4 packages or to create a customized CKEditor 4 build.

**Features**

*   Over 500 plugins in the Add-ons Repository.
*   Pasting from Microsoft Word, Excel and Google Docs.
*   Drag&drop image uploads.
*   Media embeds to insert videos, tweets, maps, slideshows.
*   Powerful clipboard integration.
*   Content quality control with Advanced Content Filter.
*   Extensible widget system.
*   Custom table selection.
*   Accessibility conforming to WCAG and Section 508.
*   Over 70 localizations available with full RTL support.

**Browser support**

![IE / Edge](https://raw.githubusercontent.com/alrra/browser-logos/master/src/edge/edge_48x48.png)  
IE / Edge

![Firefox](https://raw.githubusercontent.com/alrra/browser-logos/master/src/firefox/firefox_48x48.png)  
Firefox

![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/master/src/chrome/chrome_48x48.png)  
Chrome

![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/master/src/chrome/chrome_48x48.png)  
Chrome (Android)

![Safari](https://raw.githubusercontent.com/alrra/browser-logos/master/src/safari/safari_48x48.png)  
Safari

![iOS Safari](https://raw.githubusercontent.com/alrra/browser-logos/master/src/safari-ios/safari-ios_48x48.png)  
iOS Safari

![Opera](https://raw.githubusercontent.com/alrra/browser-logos/master/src/opera/opera_48x48.png)  
Opera

IE8, IE9, IE10, IE11, Edge

latest version

latest version

latest version

latest version

latest version

latest version

Find out more in the Browser Compatibility guide.

**Working with the `ckeditor4` repostiory**

**Attention**: The code in this repository should be used locally and for development purposes only. We do not recommend using it in a production environment because the user experience will be very limited.

**Code installation**

There is no special installation procedure to install the development code. Simply clone it to any local directory and you are set.

**Available branches**

This repository contains the following branches:

*   **`master`** – Development of the upcoming minor release.
*   **`major`** – Development of the upcoming major release.
*   **`stable`** – Latest stable release tag point (non-beta).
*   **`latest`** – Latest release tag point (including betas).
*   **`release/A.B.x`** (e.g. `4.0.x`, `4.1.x`) – Release freeze, tests and tagging. Hotfixing.

Note that both `master` and `major` are under heavy development. Their code did not pass the release testing phase, though, so it may be unstable.

Additionally, all releases have their respective tags in the following form: `4.4.0`, `4.4.1`, etc.

**Samples**

The `samples/` folder contains some examples that can be used to test your installation. Visit CKEditor 4 Examples for plenty of samples showcasing numerous editor features, with source code readily available to view, copy and use in your own solution.

**Code structure**

The development code contains the following main elements:

*   Main coding folders:
    *   `core/` – The core API of CKEditor 4. Alone, it does nothing, but it provides the entire JavaScript API that makes the magic happen.
    *   `plugins/` – Contains most of the plugins maintained by the CKEditor 4 core team.
    *   `skin/` – Contains the official default skin of CKEditor 4.
    *   `dev/` – Contains some developer tools.
    *   `tests/` – Contains the CKEditor 4 tests suite.

**Building a release**

A release-optimized version of the development code can be easily created locally. The `dev/builder/build.sh` script can be used for that purpose:

A "release-ready" working copy of your development code will be built in the new `dev/builder/release/` folder. An Internet connection is necessary to run the builder, for the first time at least.

**Testing environment**

Read more on how to set up the environment and execute tests in the CKEditor 4 Testing Environment guide.

**Reporting issues**

Use the CKEditor 4 GitHub issue page to report bugs and feature requests.

**License**

Copyright (c) 2003-2021, CKSource - Frederico Knabben. All rights reserved.

For licensing, see LICENSE.md or https://ckeditor.com/legal/ckeditor-oss-license

CVE-2020-9281: GitHub - ckeditor/ckeditor4: The best enterprise-grade WYSIWYG editor. Fully customizable with countless features and plugins.

** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive.

Welcome to the Citrix Knowledge Center. Our site does not support outdated browser (or earlier) versions. To use our site, please take one of the following actions:

*   Upgrade your version of Internet Explorer. You can find more information here
*   Install the Google Chrome browser. You can find information here
*   Install the Firefox browser. You can find information here

Thank you,

The Citrix Knowledge Services Team

CVE-2020-10110: Search

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks.

**Vulnerability type**

CWE-400: Uncontrolled Resource Consumption

**Attack type**

Remote

**Impact**

Denial-of-service, Resource consumption (memory)

**Affected component(s)**

HTTP/1 codec, Connection buffer

**Attack vector(s)**

A HTTP/1.1 request or response with many small (i.e. 1 byte) chunks.

**Discoverer(s)/Credits**

Wenlei (Frank) He (Google LLC)

**Description (full; not included in CVE but will be published on GitHub later and linked)**

Envoy version 1.13.0 or earlier may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. Envoy allocates a separate buffer fragment for each incoming or outgoing chunk with the size rounded to the nearest 4Kb and does not release empty chunks after committing data. As such processing requests or responses with a lot of small chunks may result in extremely high memory overhead while proxying. The memory overhead could be two to three orders of magnitude more than configured buffer limits.

CVE-2020-8659

CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.

**Vulnerability type**

CWE-400: Uncontrolled Resource Consumption

**Attack type**

Remote

**Impact**

Denial-of-service, Resource consumption (memory)

**Affected component(s)**

HTTP/1 codec

**Attack vector(s)**

A TCP buffer with many pipelined HTTP requests

**Discoverer(s)/Credits**

Alyssa Wilk (Google LLC)

**Description (full; not included in CVE but will be published on GitHub later and linked)**

Envoy version 1.13.0 or earlier may consume excessive amounts of memory when responding internally to pipelined requests. In the case of illegally formed requests, Envoy sends an internally generated 400 error, which is sent to the Network::Connection buffer. If the client reads these responses slowly, it is possible to build up a large number of responses, and consume functionally unlimited memory. This bypasses Envoy’s overload manager, which will itself send an internally generated response when Envoy approaches configured memory thresholds, exacerbating the problem.

CVE-2020-8661

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

CVE-2020-9757: craft-seomatic/CHANGELOG.md at v3 · nystudio107/craft-seomatic

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

About Monorail User Guide Release Notes Feedback on Monorail Terms Privacy

CVE-2020-6418: 1053604 - chromium - An open-source project to help move the web forward.

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-6383: Stable Channel Update for Desktop

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4.7, watchOS 5.3.7. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

This document describes the security content of watchOS 5.3.7.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**watchOS 5.3.7**

Released May 20, 2020

**Mail**

Available for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed

Impact: Processing a maliciously crafted mail message may lead to heap corruption

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2020-9819: ZecOps.com

**Wi-Fi**

Available for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to an iPhone with iOS 12 installed

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3843: Ian Beer of Google Project Zero

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: May 26, 2020

CVE-2020-3843: About the security content of watchOS 5.3.7

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution.

Released May 20, 2020

**ImageIO**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9789: Wenchao Li of VARAS@IIE

CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

**ImageIO**

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3878: Samuel Groß of Google Project Zero

**SQLite**

Available for: Windows 7 and later

Impact: A malicious application may cause a denial of service or potentially disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9794

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9805: an anonymous researcher

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9802: Samuel Groß of Google Project Zero

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9806: Wen Xu of SSLab at Georgia Tech

CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

**WebKit**

Available for: Windows 7 and later

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9850: @jinmo123, @setuid0x0\_, and @insu\_yun\_en of @SSLab\_Gatech working with Trend Micro’s Zero Day Initiative

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9843: Ryan Pickren (ryanpickren.com)

**WebKit**

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

CVE-2020-3878: About the security content of iTunes 12.10.7 for Windows

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution.

Released January 29, 2020

**ImageIO**

Available for: Windows 10 and later via the Microsoft Store

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3826: Samuel Groß of Google Project Zero

**libxml2**

Available for: Windows 10 and later via the Microsoft Store

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-3846: Ranier Vilela

**WebKit**

Available for: Windows 10 and later via the Microsoft Store

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2020-3867: an anonymous researcher

**WebKit**

Available for: Windows 10 and later via the Microsoft Store

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2020-3825: Przemysław Sporysz of Euvic

CVE-2020-3868: Marcin Towalski of Cisco Talos

**WebKit**

Available for: Windows 10 and later via the Microsoft Store

Impact: A malicious website may be able to cause a denial of service

Description: A denial of service issue was addressed with improved memory handling.

CVE-2020-3862: Srikanth Gatta of Google Chrome

**WebKit**

Available for: Windows 10 and later via the Microsoft Store

Impact: Visiting a maliciously crafted website may reveal the sites a user has visited

Description: The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin.

CVE-2019-8827: Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum, and Roberto Clapis of Google Security Team

Entry added February 3, 2020

**WebKit Page Loading**

Available for: Windows 10 and later via the Microsoft Store

Impact: A top-level DOM object context may have incorrectly been considered secure

Description: A logic issue was addressed with improved validation.

CVE-2020-3865: Ryan Pickren (ryanpickren.com)

Entry added February 11, 2020

**WebKit Page Loading**

Available for: Windows 10 and later via the Microsoft Store

Impact: A DOM object context may not have had a unique security origin

Description: A logic issue was addressed with improved validation.

CVE-2020-3864: Ryan Pickren (ryanpickren.com)

Entry added February 11, 2020

Tag

#google