A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-06-09 12:15
Updated : 2024-02-28 18:28
NVD link : CVE-2021-33829
Mitre link : CVE-2021-33829
CVE.ORG link : CVE-2021-33829
JSON object : View
Products Affected
fedoraproject
- fedora
drupal
- drupal
ckeditor
- ckeditor
debian
- debian_linux
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')