5.4
CVSSv3

CVE-2021-41165

Published: 17/11/2021 Updated: 21/11/2024

Vulnerability Summary

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ckeditor ckeditor

drupal drupal

oracle agile product lifecycle management 9.3.6

oracle application express

oracle banking apis

oracle banking apis 19.1

oracle banking apis 19.2

oracle banking apis 20.1

oracle banking apis 21.1

oracle banking digital experience

oracle banking digital experience 19.1

oracle banking digital experience 19.2

oracle banking digital experience 20.1

oracle banking digital experience 21.1

oracle commerce guided search 11.3.2

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle webcenter portal 12.2.1.3.0

oracle webcenter portal 12.2.1.4.0

Vendor Advisories

Debian Bug report logs - #1015217 ckeditor3: CVE-2014-5191 CVE-2018-17960 CVE-2021-26271 CVE-2021-33829 CVE-2021-37695 CVE-2021-41165 CVE-2022-24728 CVE-2022-24729 Package: src:ckeditor3; Maintainer for src:ckeditor3 is Horde Maintainers &lt;team+debian-horde-team@trackerdebianorg&gt;; Reported by: Moritz Mühlenhoff &lt;jmm@inut ...
Debian Bug report logs - #999909 ckeditor: CVE-2021-41164 CVE-2021-41165 Package: src:ckeditor; Maintainer for src:ckeditor is Debian Javascript Maintainers &lt;pkg-javascript-devel@listsaliothdebianorg&gt;; Reported by: Neil Williams &lt;codehelp@debianorg&gt; Date: Thu, 18 Nov 2021 10:45:04 UTC Severity: important Tags: se ...
In CKEditor4 before version 4170, as used by Drupal beforer version 929, a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code In Drupal, an ...