Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2021-41164

Published: 17/11/2021 Updated: 07/11/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Ckeditor

Vulnerability Summary

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ckeditor ckeditor

drupal drupal

oracle banking digital experience 19.1

oracle banking digital experience 19.2

oracle banking digital experience 20.1

oracle banking digital experience 21.1

oracle banking apis

oracle banking apis 19.1

oracle banking apis 19.2

oracle banking apis 20.1

oracle banking apis 21.1

oracle banking digital experience

oracle webcenter portal 12.2.1.3.0

oracle agile plm 9.3.6

oracle peoplesoft enterprise peopletools 8.58

oracle webcenter portal 12.2.1.4.0

oracle commerce guided search 11.3.2

oracle peoplesoft enterprise peopletools 8.59

oracle application express

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Debian CVElist Bug Report Logs: ckeditor: CVE-2021-41164 CVE-2021-41165
Debian Bug report logs - #999909 ckeditor: CVE-2021-41164 CVE-2021-41165 Package: src:ckeditor; Maintainer for src:ckeditor is Debian Javascript Maintainers &lt;pkg-javascript-devel@listsaliothdebianorg&gt;; Reported by: Neil Williams &lt;codehelp@debianorg&gt; Date: Thu, 18 Nov 2021 10:45:04 UTC Severity: important Tags: se ...
Arch Linux Issues:
In CKEditor4 before version 4170, as used by Drupal beforer version 929, a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4 The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code In Drupal, an ...

References

CWE-79https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprjhttps://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417https://www.drupal.org/sa-core-2021-011https://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909https://nvd.nist.govhttps://security.archlinux.org/CVE-2021-41164
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook