cbcvebase.
CVE-2021-37695
published 2021-08-13

CVE-2021-37695: ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake…

medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
ckeditorckeditor< 4.16.24.16.2
ckeditorckeditor>= 0 < 4.16.2+dfsg-14.16.2+dfsg-1
ckeditorckeditor>= 0 < 4.5.7+dfsg-2ubuntu0.18.04.14.5.7+dfsg-2ubuntu0.18.04.1
ckeditorckeditor>= 0 < 4.12.1+dfsg-1ubuntu0.14.12.1+dfsg-1ubuntu0.1
ckeditorckeditor>= 0 < 4.5.7+dfsg-2ubuntu0.16.04.1~esm14.5.7+dfsg-2ubuntu0.16.04.1~esm1
ckeditorckeditor4< 4.16.24.16.2
ckeditorckeditor4>= 0 < 4.16.24.16.2
debianckeditor< ckeditor 4.16.2+dfsg-1 (bookworm)ckeditor 4.16.2+dfsg-1 (bookworm)
debianckeditor3< ckeditor 4.16.2+dfsg-1 (bookworm)ckeditor 4.16.2+dfsg-1 (bookworm)
debiandebian_linux
fedoraprojectfedora
fedoraprojectfedora
fedoraprojectfedora
oracleapplication_express< 21.1.421.1.4
oraclebanking_party_management
oraclecommerce_guided_search
oraclecommerce_merchandising
oracledocumaker
oracledocumaker
oraclefinancial_services_analytical_applications_infrastructure
oraclefinancial_services_analytical_applications_infrastructure8.0.7 – 8.1.1
oraclefinancial_services_model_management_and_governance8.0.8.0.0 – 8.1.0.0.0
oraclejd_edwards_enterpriseone_tools< 9.2.6.09.2.6.0
oraclepeoplesoft_enterprise_peopletools
oraclepeoplesoft_enterprise_peopletools

CVSS provenance

nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ghsa5.4MEDIUM
osv6.1MEDIUM