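CKEditor 4.9.2 has been released. It includes a security patch for the Enhanced Image plugin, and upgrading is recommended for CKEditor 4.5.11 and later versions.
Security update: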
- Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein. Issue summary: It was possible to execute XSS inside CKEditor using the <img> tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin.
More details are available in the release blog post.
Download: https://ckeditor.com/ckeditor-4/download/
Reposted from https://www.oschina.net/news/95329/ckeditor-4-9-2-released