There are several XSS vulnerabilities in CKEditor prior Version 4.15.1.
Those could be used to collect cookie-/session- and other sensitive information from
The issue is fixed in the current stable release Znuny 6.0.31. An update is recommended.
Please see the release notes of the CKEDitor for more detailed information.