Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2021-41165

Published: 17/11/2021 Updated: 05/10/2022
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Ckeditor

Vulnerability Summary

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ckeditor ckeditor

drupal drupal

oracle webcenter portal 12.2.1.3.0

oracle agile product lifecycle management 9.3.6

oracle banking digital experience 19.1

oracle peoplesoft enterprise peopletools 8.58

oracle webcenter portal 12.2.1.4.0

oracle banking digital experience 19.2

oracle banking digital experience 20.1

oracle commerce guided search 11.3.2

oracle peoplesoft enterprise peopletools 8.59

oracle banking digital experience 21.1

oracle banking apis

oracle banking apis 19.1

oracle banking apis 19.2

oracle banking apis 20.1

oracle banking apis 21.1

oracle banking digital experience

oracle application express

Vendor Advisories

Debian CVElist Bug Report Logs: ckeditor: CVE-2021-41164 CVE-2021-41165
Debian Bug report logs - #999909 ckeditor: CVE-2021-41164 CVE-2021-41165 Package: src:ckeditor; Maintainer for src:ckeditor is Debian Javascript Maintainers &lt;pkg-javascript-devel@listsaliothdebianorg&gt;; Reported by: Neil Williams &lt;codehelp@debianorg&gt; Date: Thu, 18 Nov 2021 10:45:04 UTC Severity: important Tags: se ...
Debian CVElist Bug Report Logs: ckeditor3: CVE-2014-5191 CVE-2018-17960 CVE-2021-26271 CVE-2021-33829 CVE-2021-37695 CVE-2021-41165 CVE-2022-24728 CVE-2022-24729
Debian Bug report logs - #1015217 ckeditor3: CVE-2014-5191 CVE-2018-17960 CVE-2021-26271 CVE-2021-33829 CVE-2021-37695 CVE-2021-41165 CVE-2022-24728 CVE-2022-24729 Package: src:ckeditor3; Maintainer for src:ckeditor3 is Horde Maintainers &lt;team+debian-horde-team@trackerdebianorg&gt;; Reported by: Moritz Mühlenhoff &lt;jmm@inut ...
Arch Linux Issues:
In CKEditor4 before version 4170, as used by Drupal beforer version 929, a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code In Drupal, an ...

References

CWE-79https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2https://www.drupal.org/sa-core-2021-011https://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909https://security.archlinux.org/CVE-2021-41165
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook