Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/ckeditor@4.1.2
Typegem
Namespace
Nameckeditor
Version4.1.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-4x92-vapt-n7dz
vulnerability_id VCID-4x92-vapt-n7dz
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at The problem has been recognized and patched.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
reference_id
reference_type
scores
0
value 0.00117
scoring_system epss
scoring_elements 0.30422
published_at 2026-04-08T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30321
published_at 2026-04-21T12:55:00Z
2
value 0.00117
scoring_system epss
scoring_elements 0.30364
published_at 2026-04-18T12:55:00Z
3
value 0.00117
scoring_system epss
scoring_elements 0.30478
published_at 2026-04-01T12:55:00Z
4
value 0.00117
scoring_system epss
scoring_elements 0.30384
published_at 2026-04-16T12:55:00Z
5
value 0.00117
scoring_system epss
scoring_elements 0.30366
published_at 2026-04-13T12:55:00Z
6
value 0.00117
scoring_system epss
scoring_elements 0.30415
published_at 2026-04-12T12:55:00Z
7
value 0.00117
scoring_system epss
scoring_elements 0.30459
published_at 2026-04-11T12:55:00Z
8
value 0.00117
scoring_system epss
scoring_elements 0.30506
published_at 2026-04-02T12:55:00Z
9
value 0.00117
scoring_system epss
scoring_elements 0.30552
published_at 2026-04-04T12:55:00Z
10
value 0.00117
scoring_system epss
scoring_elements 0.30362
published_at 2026-04-07T12:55:00Z
11
value 0.00117
scoring_system epss
scoring_elements 0.30456
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
4
reference_url https://www.drupal.org/sa-core-2021-011
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-011
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
7
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id 999909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
10
reference_url https://security.archlinux.org/AVG-2565
reference_id AVG-2565
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2565
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
reference_id CVE-2021-41165
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
12
reference_url https://github.com/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h26-63m7-qhf2
13
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
fixed_packages
aliases CVE-2021-41165, GHSA-7h26-63m7-qhf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x92-vapt-n7dz
1
url VCID-8hvk-a5es-v3e4
vulnerability_id VCID-8hvk-a5es-v3e4
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source WYSIWYG HTML editor. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41164
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.22783
published_at 2026-04-01T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.22811
published_at 2026-04-21T12:55:00Z
2
value 0.00076
scoring_system epss
scoring_elements 0.22851
published_at 2026-04-18T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22857
published_at 2026-04-16T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22843
published_at 2026-04-13T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.229
published_at 2026-04-12T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.22936
published_at 2026-04-11T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22916
published_at 2026-04-09T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.22863
published_at 2026-04-08T12:55:00Z
9
value 0.00076
scoring_system epss
scoring_elements 0.22789
published_at 2026-04-07T12:55:00Z
10
value 0.00076
scoring_system epss
scoring_elements 0.22997
published_at 2026-04-04T12:55:00Z
11
value 0.00076
scoring_system epss
scoring_elements 0.22953
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41164
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
8
reference_url https://www.drupal.org/sa-core-2021-011
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-011
9
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id 999909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
13
reference_url https://security.archlinux.org/AVG-2565
reference_id AVG-2565
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2565
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41164
reference_id CVE-2021-41164
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41164
15
reference_url https://github.com/advisories/GHSA-pvmx-g8h5-cprj
reference_id GHSA-pvmx-g8h5-cprj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pvmx-g8h5-cprj
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
reference_id GHSA-pvmx-g8h5-cprj
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
fixed_packages
aliases CVE-2021-41164, GHSA-pvmx-g8h5-cprj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8hvk-a5es-v3e4
2
url VCID-sd2a-hmu2-wbax
vulnerability_id VCID-sd2a-hmu2-wbax
summary 
Code Injection
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32809
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46583
published_at 2026-04-13T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.46584
published_at 2026-04-21T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46637
published_at 2026-04-18T12:55:00Z
3
value 0.00236
scoring_system epss
scoring_elements 0.4664
published_at 2026-04-16T12:55:00Z
4
value 0.00321
scoring_system epss
scoring_elements 0.55075
published_at 2026-04-01T12:55:00Z
5
value 0.00321
scoring_system epss
scoring_elements 0.55217
published_at 2026-04-12T12:55:00Z
6
value 0.00321
scoring_system epss
scoring_elements 0.55236
published_at 2026-04-11T12:55:00Z
7
value 0.00321
scoring_system epss
scoring_elements 0.552
published_at 2026-04-04T12:55:00Z
8
value 0.00321
scoring_system epss
scoring_elements 0.55176
published_at 2026-04-02T12:55:00Z
9
value 0.00321
scoring_system epss
scoring_elements 0.55224
published_at 2026-04-09T12:55:00Z
10
value 0.00321
scoring_system epss
scoring_elements 0.55175
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32809
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32809
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements
1
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992291
reference_id 992291
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992291
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32809
reference_id CVE-2021-32809
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32809
14
reference_url https://github.com/advisories/GHSA-7889-rm5j-hpgg
reference_id GHSA-7889-rm5j-hpgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7889-rm5j-hpgg
15
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
16
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
aliases CVE-2021-32809, GHSA-7889-rm5j-hpgg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd2a-hmu2-wbax
3
url VCID-un66-k85j-b7d2
vulnerability_id VCID-un66-k85j-b7d2
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24728
reference_id
reference_type
scores
0
value 0.00796
scoring_system epss
scoring_elements 0.73933
published_at 2026-04-07T12:55:00Z
1
value 0.00796
scoring_system epss
scoring_elements 0.73937
published_at 2026-04-02T12:55:00Z
2
value 0.00796
scoring_system epss
scoring_elements 0.73962
published_at 2026-04-04T12:55:00Z
3
value 0.00796
scoring_system epss
scoring_elements 0.73967
published_at 2026-04-08T12:55:00Z
4
value 0.00796
scoring_system epss
scoring_elements 0.73978
published_at 2026-04-13T12:55:00Z
5
value 0.00796
scoring_system epss
scoring_elements 0.73986
published_at 2026-04-12T12:55:00Z
6
value 0.00796
scoring_system epss
scoring_elements 0.74004
published_at 2026-04-11T12:55:00Z
7
value 0.00796
scoring_system epss
scoring_elements 0.73981
published_at 2026-04-09T12:55:00Z
8
value 0.01069
scoring_system epss
scoring_elements 0.77748
published_at 2026-04-21T12:55:00Z
9
value 0.01069
scoring_system epss
scoring_elements 0.77755
published_at 2026-04-18T12:55:00Z
10
value 0.01069
scoring_system epss
scoring_elements 0.77756
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24728
1
reference_url https://ckeditor.com/cke4/release/CKEditor-4.18.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://ckeditor.com/cke4/release/CKEditor-4.18.0
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728
3
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
4
reference_url https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
9
reference_url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4
10
reference_url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/
reference_id
reference_type
scores
url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/
11
reference_url https://www.drupal.org/sa-core-2022-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://www.drupal.org/sa-core-2022-005
12
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24728
reference_id CVE-2022-24728
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24728
15
reference_url https://github.com/advisories/GHSA-4fc4-4p5g-6w89
reference_id GHSA-4fc4-4p5g-6w89
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fc4-4p5g-6w89
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
reference_id GHSA-4fc4-4p5g-6w89
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
17
reference_url https://usn.ubuntu.com/7258-1/
reference_id USN-7258-1
reference_type
scores
url https://usn.ubuntu.com/7258-1/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
fixed_packages
aliases CVE-2022-24728, GHSA-4fc4-4p5g-6w89
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-un66-k85j-b7d2
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/ckeditor@4.1.2