A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
21 Nov 2024, 06:09
Type | Values Removed | Values Added |
---|---|---|
References | () https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser - Patch, Release Notes, Vendor Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/ - | |
References | () https://www.drupal.org/sa-core-2021-003 - Patch, Third Party Advisory |
07 Nov 2023, 03:35
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-06-09 12:15
Updated : 2024-11-21 06:09
NVD link : CVE-2021-33829
Mitre link : CVE-2021-33829
CVE.ORG link : CVE-2021-33829
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
ckeditor
- ckeditor
drupal
- drupal
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')