Vulnerabilities > CVE-2021-41164

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

NVD

Published: 2021-11-17

Updated: 2024-11-21

Summary

CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

Vulnerable Configurations

Part	Description	Count
Application	Ckeditor Ckeditor Ckeditor 4.0 Ckeditor Ckeditor 4.0.1 Ckeditor Ckeditor 4.0.1.1 Ckeditor Ckeditor 4.0.2 Ckeditor Ckeditor 4.0.3 Ckeditor Ckeditor 4.1 Ckeditor Ckeditor 4.1.1 Ckeditor Ckeditor 4.1.2 Ckeditor Ckeditor 4.1.3 Ckeditor Ckeditor 4.2 Ckeditor Ckeditor 4.2.1 Ckeditor Ckeditor 4.2.2 Ckeditor Ckeditor 4.2.3 Ckeditor Ckeditor 4.3.0 Ckeditor Ckeditor 4.3.1 Ckeditor Ckeditor 4.3.2 Ckeditor Ckeditor 4.3.3 Ckeditor Ckeditor 4.3.4 Ckeditor Ckeditor 4.3.5 Ckeditor Ckeditor 4.4.0 Ckeditor Ckeditor 4.4.1 Ckeditor Ckeditor 4.4.2 Ckeditor Ckeditor 4.4.3 Ckeditor Ckeditor 4.4.4 Ckeditor Ckeditor 4.4.5 Ckeditor Ckeditor 4.4.6 Ckeditor Ckeditor 4.4.7 Ckeditor Ckeditor 4.4.8 Ckeditor Ckeditor 4.5.0 Ckeditor Ckeditor 4.5.1 Ckeditor Ckeditor 4.5.2 Ckeditor Ckeditor 4.5.3 Ckeditor Ckeditor 4.5.4 Ckeditor Ckeditor 4.5.5 Ckeditor Ckeditor 4.5.6 Ckeditor Ckeditor 4.5.7 Ckeditor Ckeditor 4.5.8 Ckeditor Ckeditor 4.5.9 Ckeditor Ckeditor 4.5.10 Ckeditor Ckeditor 4.5.11 Ckeditor Ckeditor 4.6.0 Ckeditor Ckeditor 4.6.1 Ckeditor Ckeditor 4.6.2 Ckeditor Ckeditor 4.7.0 Ckeditor Ckeditor 4.7.1 Ckeditor Ckeditor 4.7.2 Ckeditor Ckeditor 4.7.3 Ckeditor Ckeditor 4.8.0 Ckeditor Ckeditor 4.9.0 Ckeditor Ckeditor 4.9.1 Ckeditor Ckeditor 4.9.2 Ckeditor Ckeditor 4.10.0 Ckeditor Ckeditor 4.10.1 Ckeditor Ckeditor 4.11.0 Ckeditor Ckeditor 4.11.1 Ckeditor Ckeditor 4.11.2 Ckeditor Ckeditor 4.11.3 Ckeditor Ckeditor 4.11.4 Ckeditor Ckeditor 4.13.0 Ckeditor Ckeditor 4.13.1 Ckeditor Ckeditor 4.14 Ckeditor Ckeditor 4.14.0 Ckeditor Ckeditor 4.14.1 Ckeditor Ckeditor 4.15.0 Ckeditor Ckeditor 4.15.1 Ckeditor Ckeditor 4.16 Ckeditor Ckeditor 4.16.0 Ckeditor Ckeditor 4.16.1 Ckeditor Ckeditor 4.16.2	78
Application	Drupal Drupal Drupal 9.2.0 Drupal Drupal 9.2.1 Drupal Drupal 9.2.2 Drupal Drupal 9.2.3 Drupal Drupal 9.2.4 Drupal Drupal 9.2.5 Drupal Drupal 9.2.6 Drupal Drupal 9.2.7 Drupal Drupal 9.2.8 Drupal Drupal 9.1.0 Drupal Drupal 9.1.1 Drupal Drupal 9.1.2 Drupal Drupal 9.1.3 Drupal Drupal 9.1.4 Drupal Drupal 9.1.5 Drupal Drupal 9.1.6 Drupal Drupal 9.1.7 Drupal Drupal 9.1.8 Drupal Drupal 9.1.9 Drupal Drupal 9.1.10 Drupal Drupal 9.1.11 Drupal Drupal 9.1.12 Drupal Drupal 9.1.13 Drupal Drupal 8.9.0 Drupal Drupal 8.9.1 Drupal Drupal 8.9.2 Drupal Drupal 8.9.3 Drupal Drupal 8.9.4 Drupal Drupal 8.9.5 Drupal Drupal 8.9.6 Drupal Drupal 8.9.7 Drupal Drupal 8.9.8 Drupal Drupal 8.9.9 Drupal Drupal 8.9.10 Drupal Drupal 8.9.11 Drupal Drupal 8.9.12 Drupal Drupal 8.9.13 Drupal Drupal 8.9.14 Drupal Drupal 8.9.15 Drupal Drupal 8.9.16 Drupal Drupal 8.9.17 Drupal Drupal 8.9.18 Drupal Drupal 8.9.19	53
Application	Oracle Oracle Banking Digital Experience 19.1 Oracle Banking Digital Experience 19.2 Oracle Banking Digital Experience 20.1 Oracle Banking Digital Experience 21.1 Oracle Banking Digital Experience 18.1 Oracle Banking Digital Experience 18.2 Oracle Banking Digital Experience 18.3 Oracle Banking Apis 18.1 Oracle Banking Apis 18.2 Oracle Banking Apis 18.3 Oracle Banking Apis 19.1 Oracle Banking Apis 19.2 Oracle Banking Apis 20.1 Oracle Banking Apis 21.1 Oracle Webcenter Portal 12.2.1.3.0 Oracle Webcenter Portal 12.2.1.4.0 Oracle Agile PLM 9.3.6 Oracle Peoplesoft Enterprise Peopletools 8.58 Oracle Peoplesoft Enterprise Peopletools 8.59 Oracle Commerce Guided Search 11.3.2 Oracle Application Express - Oracle Application Express 3.0 Oracle Application Express 3.1 Oracle Application Express 3.2 Oracle Application Express 4.0 Oracle Application Express 4.1 Oracle Application Express 4.2 Oracle Application Express 5.0 Oracle Application Express 5.0.4 Oracle Application Express 5.1.0 Oracle Application Express 5.1.1 Oracle Application Express 5.1.2 Oracle Application Express 5.1.2.00.09 Oracle Application Express 5.1.3 Oracle Application Express 5.1.3.00.05 Oracle Application Express 5.1.4 Oracle Application Express 5.1.4.00.08 Oracle Application Express 18.2 Oracle Application Express 19.1 Oracle Application Express 19.2 Oracle Application Express 20.1 Oracle Application Express 20.2 Oracle Application Express 21.1.0 Oracle Application Express 21.1.0.00.01 Oracle Application Express 21.1.4	45
OS	Fedoraproject Fedoraproject Fedora 36 Fedoraproject Fedora 37	2

Vulnerabilities > CVE-2021-41164 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-41164"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-41164