CVE-2021-33829
MEDIUM6.1EPSS 65.5%ckeditor4 vulnerable to cross-site scripting
發布日:2021/6/21修改日:2025/12/10
描述
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because `--!>` is mishandled.
受影響套件(8)
- Bitnami/drupal>= 8.9.0, < 8.9.16, >= 9.0.0, < 9.0.14, >= 9.1.0, < 9.1.9
- Debian/ckeditorfrom 0, < 4.16.0+dfsg-2
- Debian/ckeditorfrom 0, < 4.5.7+dfsg-2+deb9u1
- Debian/ckeditor3from 0
- npm/ckeditor4>= 4.14.0, < 4.16.1
- Packagist/drupal/core>= 8.0.0, < 8.9.16 | >= 9.0.0, < 9.0.14 | >= 9.1.0, < 9.1.9
- Packagist/drupal/core>= 7.0.0, < 7.80
- Packagist/drupal/drupal>= 7.0.0, < 7.80
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
參考連結(15)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-33829
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-33829
- PATCHhttps://github.com/ckeditor/ckeditor4
- WEBhttps://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml
- WEBhttps://lists.debian.org/debian-lts-announce/2021/11/msg00007.html
- WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
- WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
- WEBhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
- WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
- WEBhttps://www.drupal.org/sa-core-2021-003
- WEBhttps://www.npmjs.com/package/ckeditor4