cbcvebase.
CVE-2021-32809
published 2021-08-12

CVE-2021-32809: ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4…

medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

Affected

23 ranges
VendorProductVersion rangeFixed in
ckeditorckeditor>= 0 < 4.16.2+dfsg-14.16.2+dfsg-1
ckeditorckeditor>= 0 < 4.5.7+dfsg-2ubuntu0.18.04.14.5.7+dfsg-2ubuntu0.18.04.1
ckeditorckeditor>= 0 < 4.12.1+dfsg-1ubuntu0.14.12.1+dfsg-1ubuntu0.1
ckeditorckeditor>= 0 < 4.5.7+dfsg-2ubuntu0.16.04.1~esm14.5.7+dfsg-2ubuntu0.16.04.1~esm1
ckeditorckeditor>= 4.5.2 < 4.16.24.16.2
ckeditorckeditor4
ckeditorckeditor4>= 4.5.2 < 4.16.24.16.2
debianckeditor< ckeditor 4.16.2+dfsg-1 (bookworm)ckeditor 4.16.2+dfsg-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
fedoraprojectfedora
oracleapplication_express< 21.1.421.1.4
oraclebanking_party_management
oraclecommerce_guided_search
oraclecommerce_merchandising
oracledocumaker
oracledocumaker
oraclefinancial_services_analytical_applications_infrastructure8.0.7 – 8.1.1
oraclejd_edwards_enterpriseone_tools< 9.2.6.09.2.6.0
oraclepeoplesoft_enterprise_peopletools
oraclepeoplesoft_enterprise_peopletools
oraclepeoplesoft_enterprise_peopletools
pimcorepimcore>= 0 < 10.1.110.1.1

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ghsa5.4MEDIUM
osv6.1MEDIUM