Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2024/01/30 3:1 a.m.4 views

SUSE CVE-2021-33829

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

6.1CVSS6.9AI score0.03189EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.33 views

Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5340-2 advisory. USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and...

7.3CVSS6.6AI score0.04327EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2022/03/23 8:57 a.m.62 views

USN-5340-2: CKEditor vulnerabilities

USN-5340-1 fixed several vulnerabilities in CKEditor. This update provides the fixes for CVE-2018-9861, CVE-2020-9281, CVE-2021-32809, CVE-2021-33829 and CVE-2021-37695 for Ubuntu 16.04 ESM. Original advisory details: Kyaw Min Thein discovered that CKEditor incorrectly handled certain inputs. An...

7.3CVSS7AI score0.04327EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2021/08/25 5:32 p.m.33 views

Security Bulletin: IBM API Connect is impacted by a vulnerability in Drupal CKEditor (CVE-2021-33829)

Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2021-33829 DESCRIPTION: CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious...

6.1CVSS0.9AI score0.03189EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/06/21 5:16 p.m.4 views

ferris-rich-input (=0.0.1) potentially affected by CVE-2021-33829 via ckeditor4 (=4.14.0)

ckeditor4 NPM version =4.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on ckeditor4 and may be impacted: - ferris-rich-input =0.0.1 Source cves: CVE-2021-33829 Source advisory: OSV:GHSA-RGX6-RJJ4-C388...

6.1CVSS6.6AI score0.03189EPSS
Exploits0
ArchLinux
ArchLinux
added 2021/06/15 12:0 a.m.153 views

[ASA-202106-35] drupal: cross-site scripting

Arch Linux Security Advisory ASA-202106-35 ========================================== Severity: High Date : 2021-06-15 CVE-ID : CVE-2021-33829 Package : drupal Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-2069 Summary ======= The package drupal before version...

6.1CVSS1.6AI score0.03189EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2021/06/09 11:51 a.m.36 views

CVE-2021-33829

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

6.1CVSS6AI score0.03189EPSS
Exploits0
CVE
CVE
added 2021/06/09 11:51 a.m.333 views

CVE-2021-33829

CKEditor 4.x contains a cross-site scripting vulnerability in the HTML Data Processor (affected versions: 4.14.0–4.16.x prior to 4.16.1) where a crafted comment can cause execution of injected JavaScript due to mishandling of --!>. The issue enables remote XSS and is fixed in CKEditor 4.16.1 (...

6.1CVSS5.7AI score0.03189EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder