Lucene search

Veracode Vulnerability DatabaseVERACODE:33021

HistoryNov 18, 2021 - 6:48 a.m.

Cross-site Scripting (XSS)

2021-11-1806:48:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

69.6%

JSON

ckeditor/ckeditor is vulnerable to cross-site scripting. An attacker can inject malicious comments HTML bypassing content sanitization, which could result in executing JavaScript code.

CPENameOperatorVersion
ckeditor/ckeditorle4.16.2
ckeditor:sideq4.12.1+dfsg-1
ckeditor/ckeditorle4.16.2
ckeditor:sideq4.12.1+dfsg-1

Name	Operator	Version
ckeditor/ckeditor	le	4.16.2
ckeditor:sid	eq	4.12.1+dfsg-1
ckeditor/ckeditor	le	4.16.2
ckeditor:sid	eq	4.12.1+dfsg-1

References

github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417

github.com/ckeditor/ckeditor4/commit/3687a9091f730f11d1720807b205a079ae7b99ce

github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2

www.drupal.org/sa-core-2021-011

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2022.html

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for VERACODE:33021