Html Text Editor

CKEditor 4.4.6 security patches released

CKEditor is an open source, ready-for-use HTML text editor designed to simplify web content creation. It’s a WYSIWYG editor that brings common word processor features directly to your web pages. Enhance your website experience with our community maintained editor. The latest release┬áCKEditor 4.4.6 is a security update to fix an XSS vulnerability in the HTML parser reported by┬áMaco Cortes. Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker, into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.