CVE-2021-41164

CVE	CVE-2021-41164
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-11-17 19:15:00 UTC
Updated	2023-11-07 03:38:00 UTC
Description	CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.

Problem Types: CWE-79

Type	Vendor	Product	Version	Update	Edition	Language
Application	Ckeditor	Ckeditor	All	All	All	All
Application	Drupal	Drupal	All	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Oracle	Agile Plm	9.3.6	All	All	All
Application	Oracle	Application Express	All	All	All	All
Application	Oracle	Banking Apis	19.1	All	All	All
Application	Oracle	Banking Apis	19.2	All	All	All
Application	Oracle	Banking Apis	20.1	All	All	All
Application	Oracle	Banking Apis	21.1	All	All	All
Application	Oracle	Banking Apis	All	All	All	All
Application	Oracle	Banking Digital Experience	19.1	All	All	All
Application	Oracle	Banking Digital Experience	19.2	All	All	All
Application	Oracle	Banking Digital Experience	20.1	All	All	All
Application	Oracle	Banking Digital Experience	21.1	All	All	All
Application	Oracle	Banking Digital Experience	All	All	All	All
Application	Oracle	Commerce Guided Search	11.3.2	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.58	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.59	All	All	All
Application	Oracle	Webcenter Portal	12.2.1.3.0	All	All	All
Application	Oracle	Webcenter Portal	12.2.1.4.0	All	All	All

Reference	Source	Link	Tags
Access to this page has been denied.	CONFIRM	www.drupal.org
Oracle Critical Patch Update Advisory - April 2022	MISC	www.oracle.com
[SECURITY] Fedora 36 Update: ckeditor-4.20.0-1.fc36 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Oracle Critical Patch Update Advisory - January 2022	MISC	www.oracle.com
ckeditor4/CHANGES.md at major · ckeditor/ckeditor4 · GitHub	MISC	github.com
[SECURITY] Fedora 36 Update: ckeditor-4.20.0-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML · Advisory · ckeditor/ckeditor4 · GitHub	CONFIRM	github.com
[SECURITY] Fedora 37 Update: ckeditor-4.20.0-1.fc37 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Oracle Critical Patch Update Advisory - July 2022	N/A	www.oracle.com
[SECURITY] Fedora 37 Update: ckeditor-4.20.0-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

154106 Drupal Core Cross-Site Scripting (XSS) Vulnerability (SA-CORE-2021-011)
184566 Debian Security Update for ckeditor (CVE-2021-41164)
283229 Fedora Security Update for ckeditor (FEDORA-2022-b61dfd219b)
283475 Fedora Security Update for ckeditor (FEDORA-2022-4c634ee466)
730266 Drupal Core Cross-Site Scripting (XSS) Vulnerability (SA-CORE-2021-011)
980067 Nodejs (npm) Security Update for ckeditor4 (GHSA-pvmx-g8h5-cprj)