ckeditor4 is vulnerable to cross-site scripting (XSS). The vulnerability exists because the Advanced Content Filter (ACF) module does not sanitize HTML sufficiently, which allows an attacker to inject maliciously crafted HTML containing JavaScript code.
Name | Operator | Version |
---|---|---|
ckeditor4 | le | 4.16.2 |
ckeditor:sid | eq | 4.12.1+dfsg-1 |
github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
lists.fedoraproject.org/archives/list/[email protected]/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
lists.fedoraproject.org/archives/list/[email protected]/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
www.drupal.org/sa-core-2021-011
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpujul2022.html