Security Updates:

  • Fixed XSS vulnerability in the HTML parser reported by Dheeraj Joshi and Prem Kumar.

    Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.

An upgrade is highly recommended!

Fixed Issues:

Other Changes:

Twitter Facebook Facebook Instagram Medium Google+ GitHub Arrow down Phone Menu Close icon Check