8 matches found
SUSE CVE-2021-33829
A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5340-2 advisory. USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and...
USN-5340-2: CKEditor vulnerabilities
USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and CVE-2021-37695 for Ubuntu 16.04 ESM. Original advisory details: Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An...
Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal CKEditor (CVE-2021-33829)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-33829 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious...
ferris-rich-input (=0.0.1) potentially affected by CVE-2021-33829 via ckeditor4 (=4.14.0)
ckeditor4 NPM version =4.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on ckeditor4 and may be impacted: - ferris-rich-input =0.0.1 Source cves: CVE-2021-33829 Source advisory: OSV:GHSA-RGX6-RJJ4-C388...
[ASA-202106-35] drupal: cross-site scripting
Arch Linux Security Advisory ASA-202106-35 ========================================== Severity: High Date : 2021-06-15 CVE-ID : CVE-2021-33829 Package : drupal Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2069 Summary ======= The package drupal before version...
CVE-2021-33829
A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...
CVE-2021-33829
CKEditor 4.x contains a cross-site scripting vulnerability in the HTML Data Processor (affected versions: 4.14.0–4.16.x prior to 4.16.1) where a crafted comment can cause execution of injected JavaScript due to mishandling of --!>. The issue enables remote XSS and is fixed in CKEditor 4.16.1 (...