Launchpad.net

CVE 2014-5191

Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

See the CVE page on Mitre.org for more details.

References