8 matches found
CVE-2021-41165
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result...
Fedora 36 : ckeditor (2022-b61dfd219b)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-b61dfd219b advisory. CKEditor 4.20 New Features: 5084: Added the config.tabletoolsscopedHeaders configuration option controlling the behaviour of table headers with and...
GSD-2022-1000586 net: ieee802154: ca8210: Stop leaking skb's
net: ieee802154: ca8210: Stop leaking skb's This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.22 by commit...
CKEditor 4.0 < 4.17.0 Multiple Vulnerabilities - Linux
CKEditor is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
ferris-rich-input (=0.0.1) potentially affected by CVE-2021-41165 via ckeditor4 (=4.14.0)
ckeditor4 NPM version =4.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on ckeditor4 and may be impacted: - ferris-rich-input =0.0.1 Source cves: CVE-2021-41165 Source advisory: OSV:GHSA-7H26-63M7-QHF2...
DRUPAL-CORE-2021-011
The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal, along with a hotfix for that update. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can...
CVE-2021-41165
CKEditor4 core HTML processing vulnerability (CVE-2021-41165) allows injection of malformed HTML comments bypassing content sanitization, potentially enabling JavaScript execution. Affected: CKEditor 4.x versions before 4.17.0 (affects all plugins). Impact: execution of arbitrary script in affect...
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-011
The Drupal project uses the CKEditor library for WYSIWYG editing. CKEditor has released a security update that impacts Drupal, along with a hotfix for that update. Vulnerabilities are possible if Drupal is configured to allow use of the CKEditor library for WYSIWYG editing. An attacker that can...