Lucene search

[email protected]NVD:CVE-2021-32808

HistoryAug 12, 2021 - 5:15 p.m.

CVE-2021-32808

2021-08-1217:15:08

CWE-79

[email protected]

web.nvd.nist.gov

ckeditor

html editor

clipboard widget plugin

undo feature

javascript code

security patch.

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

50.8%

JSON

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.

Affected configurations

Nvd

Node

ckeditorckeditorRange4.13.0–4.16.2node.js

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

Node

oracleapplication_expressRange<21.1.4

oraclebanking_party_managementMatch2.7.0

oraclecommerce_guided_searchMatch11.3.2

oraclecommerce_merchandisingMatch11.3.2

oracledocumakerMatch12.6.3

oracledocumakerMatch12.6.4

oraclefinancial_services_analytical_applications_infrastructureRange8.0.7–8.1.1

oraclefinancial_services_model_management_and_governanceMatch8.0.8.0.0

oraclefinancial_services_model_management_and_governanceMatch8.1.0.0.0

oraclejd_edwards_enterpriseone_toolsRange≤9.2.6.0

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepeoplesoft_enterprise_peopletoolsMatch8.59

oraclesiebel_ui_frameworkRange≤21.9

oraclewebcenter_sitesMatch12.2.1.3.0

oraclewebcenter_sitesMatch12.2.1.4.0

VendorProductVersionCPE
ckeditorckeditor*cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:node.js:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
oracleapplication_express*cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*
oraclebanking_party_management2.7.0cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
oraclecommerce_guided_search11.3.2cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
oraclecommerce_merchandising11.3.2cpe:2.3:a:oracle:commerce_merchandising:11.3.2:*:*:*:*:*:*:*
oracledocumaker12.6.3cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*
oracledocumaker12.6.4cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ckeditor	ckeditor	*	cpe:2.3:a:ckeditor:ckeditor::::::node.js::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
oracle	application_express	*	cpe:2.3:a:oracle:application_express::::::::
oracle	banking_party_management	2.7.0	cpe:2.3:a:oracle:banking_party_management:2.7.0:::::::*
oracle	commerce_guided_search	11.3.2	cpe:2.3:a:oracle:commerce_guided_search:11.3.2:::::::*
oracle	commerce_merchandising	11.3.2	cpe:2.3:a:oracle:commerce_merchandising:11.3.2:::::::*
oracle	documaker	12.6.3	cpe:2.3:a:oracle:documaker:12.6.3:::::::*
oracle	documaker	12.6.4	cpe:2.3:a:oracle:documaker:12.6.4:::::::*