ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ckeditor ckeditor |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
oracle webcenter sites 12.2.1.3.0 |
||
oracle peoplesoft enterprise peopletools 8.57 |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle webcenter sites 12.2.1.4.0 |
||
oracle commerce guided search 11.3.2 |
||
oracle peoplesoft enterprise peopletools 8.59 |
||
oracle commerce merchandising 11.3.2 |
||
oracle documaker 12.6.3 |
||
oracle documaker 12.6.4 |
||
oracle banking party management 2.7.0 |
||
oracle siebel ui framework |
||
oracle jd edwards enterpriseone tools |
||
oracle financial services model management and governance 8.1.0.0.0 |
||
oracle financial services model management and governance 8.0.8.0.0 |
||
oracle financial services analytical applications infrastructure |
||
oracle application express |