Problem
It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode.
Solution
Update to version 1.17.12 of the ckeditor-wordcount-plugin plugin.
Credits
- @sypets for reporting this finding to the TYPO3 Security Team
- @ohader for fixing the issue on behalf of the TYPO3 Security Team
Problem
It has been discovered that the
ckeditor-wordcount-pluginplugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode.Solution
Update to version 1.17.12 of the
ckeditor-wordcount-pluginplugin.Credits