id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
14380	XSS Vulnerability bug report	Balaji		"== Steps to reproduce ==

1. Go to the blog link http://ckeditor.com/blog/CKEditor-4.5.7-Released. Well, you can choose any blog from your website.

2. Go to the comment box and type the XSS payload as follows:
    ""/><svg/onload=prompt(1);> in the Name and comment box areas and store it.


3. After the comment is stored, you will see the stored XSS pop up.

4. This is a big risk, as the malicious code is stored on the website using this editor. Now whoever comes to this page will become a victim of an XSS attack; the attacker may be able to steal user account details or use other techniques.

== Expected result ==

== Actual result ==

POC =  http://prntscr.com/a0762w

== Other details (browser, OS, CKEditor version, installed plugins) ==
"	Bug	closed	Normal		General	4.5.7	invalid		
