ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ckeditor ckeditor |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
oracle peoplesoft enterprise peopletools 8.57 |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle commerce guided search 11.3.2 |
||
oracle peoplesoft enterprise peopletools 8.59 |
||
oracle commerce merchandising 11.3.2 |
||
oracle jd edwards enterpriseone tools |
||
oracle documaker 12.6.3 |
||
oracle documaker 12.6.4 |
||
oracle banking party management 2.7.0 |
||
oracle financial services analytical applications infrastructure |
||
oracle application express |