Vulnerabilities > CVE-2021-41165

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

ckeditor

drupal

oracle

NVD

Published: 2021-11-17

Updated: 2024-11-21

Summary

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

Vulnerable Configurations

Part	Description	Count
Application	Ckeditor Ckeditor Ckeditor 1.2.3 Ckeditor Ckeditor 4.0 Ckeditor Ckeditor 4.0.1 Ckeditor Ckeditor 4.0.1.1 Ckeditor Ckeditor 4.0.2 Ckeditor Ckeditor 4.0.3 Ckeditor Ckeditor 4.1 Ckeditor Ckeditor 4.1.1 Ckeditor Ckeditor 4.1.2 Ckeditor Ckeditor 4.1.3 Ckeditor Ckeditor 4.2 Ckeditor Ckeditor 4.2.1 Ckeditor Ckeditor 4.2.2 Ckeditor Ckeditor 4.2.3 Ckeditor Ckeditor 4.3.0 Ckeditor Ckeditor 4.3.1 Ckeditor Ckeditor 4.3.2 Ckeditor Ckeditor 4.3.3 Ckeditor Ckeditor 4.3.4 Ckeditor Ckeditor 4.3.5 Ckeditor Ckeditor 4.4.0 Ckeditor Ckeditor 4.4.1 Ckeditor Ckeditor 4.4.2 Ckeditor Ckeditor 4.4.3 Ckeditor Ckeditor 4.4.4 Ckeditor Ckeditor 4.4.5 Ckeditor Ckeditor 4.4.6 Ckeditor Ckeditor 4.4.7 Ckeditor Ckeditor 4.4.8 Ckeditor Ckeditor 4.5.0 Ckeditor Ckeditor 4.5.1 Ckeditor Ckeditor 4.5.2 Ckeditor Ckeditor 4.5.3 Ckeditor Ckeditor 4.5.4 Ckeditor Ckeditor 4.5.5 Ckeditor Ckeditor 4.5.6 Ckeditor Ckeditor 4.5.7 Ckeditor Ckeditor 4.5.8 Ckeditor Ckeditor 4.5.9 Ckeditor Ckeditor 4.5.10 Ckeditor Ckeditor 4.5.11 Ckeditor Ckeditor 4.6.0 Ckeditor Ckeditor 4.6.1 Ckeditor Ckeditor 4.6.2 Ckeditor Ckeditor 4.7.0 Ckeditor Ckeditor 4.7.1 Ckeditor Ckeditor 4.7.2 Ckeditor Ckeditor 4.7.3 Ckeditor Ckeditor 4.8.0 Ckeditor Ckeditor 4.9.0 Ckeditor Ckeditor 4.9.1 Ckeditor Ckeditor 4.9.2 Ckeditor Ckeditor 4.10.0 Ckeditor Ckeditor 4.10.1 Ckeditor Ckeditor 4.11.0 Ckeditor Ckeditor 4.11.1 Ckeditor Ckeditor 4.11.2 Ckeditor Ckeditor 4.11.3 Ckeditor Ckeditor 4.11.4 Ckeditor Ckeditor 4.13.0 Ckeditor Ckeditor 4.13.1 Ckeditor Ckeditor 4.14 Ckeditor Ckeditor 4.14.0 Ckeditor Ckeditor 4.14.1 Ckeditor Ckeditor 4.15.0 Ckeditor Ckeditor 4.15.1 Ckeditor Ckeditor 4.16 Ckeditor Ckeditor 4.16.0 Ckeditor Ckeditor 4.16.1 Ckeditor Ckeditor 4.16.2	79
Application	Drupal Drupal Drupal 9.2.0 Drupal Drupal 9.2.1 Drupal Drupal 9.2.2 Drupal Drupal 9.2.3 Drupal Drupal 9.2.4 Drupal Drupal 9.2.5 Drupal Drupal 9.2.6 Drupal Drupal 9.2.7 Drupal Drupal 9.2.8 Drupal Drupal 9.1.0 Drupal Drupal 9.1.1 Drupal Drupal 9.1.2 Drupal Drupal 9.1.3 Drupal Drupal 9.1.4 Drupal Drupal 9.1.5 Drupal Drupal 9.1.6 Drupal Drupal 9.1.7 Drupal Drupal 9.1.8 Drupal Drupal 9.1.9 Drupal Drupal 9.1.10 Drupal Drupal 9.1.11 Drupal Drupal 9.1.12 Drupal Drupal 9.1.13 Drupal Drupal 8.9.0 Drupal Drupal 8.9.1 Drupal Drupal 8.9.2 Drupal Drupal 8.9.3 Drupal Drupal 8.9.4 Drupal Drupal 8.9.5 Drupal Drupal 8.9.6 Drupal Drupal 8.9.7 Drupal Drupal 8.9.8 Drupal Drupal 8.9.9 Drupal Drupal 8.9.10 Drupal Drupal 8.9.11 Drupal Drupal 8.9.12 Drupal Drupal 8.9.13 Drupal Drupal 8.9.14 Drupal Drupal 8.9.15 Drupal Drupal 8.9.16 Drupal Drupal 8.9.17 Drupal Drupal 8.9.18 Drupal Drupal 8.9.19	53
Application	Oracle Oracle Webcenter Portal 12.2.1.3.0 Oracle Webcenter Portal 12.2.1.4.0 Oracle Agile Product Lifecycle Management 9.3.6 Oracle Banking Digital Experience 19.1 Oracle Banking Digital Experience 19.2 Oracle Banking Digital Experience 20.1 Oracle Banking Digital Experience 21.1 Oracle Banking Digital Experience 18.1 Oracle Banking Digital Experience 18.2 Oracle Banking Digital Experience 18.3 Oracle Peoplesoft Enterprise Peopletools 8.58 Oracle Peoplesoft Enterprise Peopletools 8.59 Oracle Commerce Guided Search 11.3.2 Oracle Banking Apis 18.1 Oracle Banking Apis 18.2 Oracle Banking Apis 18.3 Oracle Banking Apis 19.1 Oracle Banking Apis 19.2 Oracle Banking Apis 20.1 Oracle Banking Apis 21.1 Oracle Application Express - Oracle Application Express 3.0 Oracle Application Express 3.1 Oracle Application Express 3.2 Oracle Application Express 4.0 Oracle Application Express 4.1 Oracle Application Express 4.2 Oracle Application Express 5.0 Oracle Application Express 5.0.4 Oracle Application Express 5.1.0 Oracle Application Express 5.1.1 Oracle Application Express 5.1.2 Oracle Application Express 5.1.2.00.09 Oracle Application Express 5.1.3 Oracle Application Express 5.1.3.00.05 Oracle Application Express 5.1.4 Oracle Application Express 5.1.4.00.08 Oracle Application Express 18.2 Oracle Application Express 19.1 Oracle Application Express 19.2 Oracle Application Express 20.1 Oracle Application Express 20.2 Oracle Application Express 21.1.0 Oracle Application Express 21.1.0.00.01 Oracle Application Express 21.1.4	45

Vulnerabilities > CVE-2021-41165 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-41165"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-41165