CVE-2021-37695

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
13/08/2021
Last modified:
07/11/2023

Description

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:* 4.16.2 (excluding)
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* 21.1.4 (excluding)
cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_merchandising:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* 8.0.7 (including) 8.1.1 (including)
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:* 8.0.8.0.0 (including) 8.1.0.0.0 (including)
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* 9.2.6.0 (excluding)