CVE-2020-9281:
CKEditor 4.0 vulnerability in the HTML Data Processor

CVSS Score: 6.1 (CVSS v3.1)

Basic Information

EPSS Score: 0.71459%
Published: 5/7/2021
Updated: 3/31/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: ckeditor4
Ecosystem: npm
Vulnerable Versions: < 4.14.0
First Patched Version: 4.14.0

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The analysis is based on understanding the nature of the XSS vulnerability in CKEditor's HTML Data Processor and identifying functions that are likely involved in processing HTML comments or protected content. The exact function names are inferred based on typical CKEditor architecture and the description of the vulnerability.


WAF Protection Rules

WAF Rule

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
