Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2021-32809

Published: 12 August 2021

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.

Priority

Medium

Cvss 3 Severity Score

5.4

Score breakdown

Status

Package Release Status
ckeditor
Launchpad, Ubuntu, Debian
impish
Released (4.16.0+dfsg-2ubuntu0.1)
jammy Not vulnerable
(4.16.2)
trusty Does not exist

xenial
Released (4.5.7+dfsg-2ubuntu0.16.04.1~esm1)
Available with Ubuntu Pro
upstream Not vulnerable
(4.16.2)
bionic
Released (4.5.7+dfsg-2ubuntu0.18.04.1)
hirsute Ignored
(end of life)
focal
Released (4.12.1+dfsg-1ubuntu0.1)

Severity score breakdown

Parameter Value
Base score 5.4
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Scope Changed
Confidentiality Low
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N