Lookup for vulnerable packages by Package URL.

Purl pkg:npm/ckeditor4@4.16.1
Type npm
Namespace
Name ckeditor4
Version 4.16.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.25.0
Latest_non_vulnerable_version 4.25.0
Affected_by_vulnerabilities
0
url VCID-2mmd-x6ge-fuaw
vulnerability_id VCID-2mmd-x6ge-fuaw
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting the Iframe Dialog and Media Embed packages. The vulnerability may trigger JavaScript code when all of the following conditions are met: one of the affected packages is used on a web page without a proper Content Security Policy configuration; the editor is initialized on an element other than `<textarea>`; and the editor instance is destroyed. This vulnerability might affect a small percentage of integrators that depend on a dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28439
reference_id
reference_type
scores
0
value 0.0054
scoring_system epss
scoring_elements 0.6802
published_at 2026-06-06T12:55:00Z
1
value 0.0054
scoring_system epss
scoring_elements 0.68009
published_at 2026-06-07T12:55:00Z
2
value 0.0054
scoring_system epss
scoring_elements 0.68012
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28439
1
reference_url https://ckeditor.com/cke4/addon/embed
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://ckeditor.com/cke4/addon/embed
2
reference_url https://ckeditor.com/cke4/addon/iframe
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://ckeditor.com/cke4/addon/iframe
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28439
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034481
reference_id 1034481
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034481
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059301
reference_id 1059301
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059301
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28439
reference_id CVE-2023-28439
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-28439
7
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
reference_id GHSA-vh5c-xwqv-cv9g
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/
reference_id GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWKG2VCPJNETVCDTXU4X6FQ2PO6XCNGN/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/
reference_id L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4ODGOW6PYVOXHQSMWJBOCE6DXWAI33W/
10
reference_url https://usn.ubuntu.com/7258-1/
reference_id USN-7258-1
reference_type
scores
url https://usn.ubuntu.com/7258-1/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/
reference_id VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:11Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCYKD3JZWWA3ESOZG4PHJJEXT4EYIUIQ/
fixed_packages
0
url pkg:npm/ckeditor4@4.21.0
purl pkg:npm/ckeditor4@4.21.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2x4x-gkb7-u3b8
1
vulnerability VCID-3ze6-frgs-bqc6
2
vulnerability VCID-dhra-m93g-tucw
3
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.21.0
aliases CVE-2023-28439, GHSA-vh5c-xwqv-cv9g
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mmd-x6ge-fuaw
1
url VCID-2nbt-ysxu-d3bu
vulnerability_id VCID-2nbt-ysxu-d3bu
summary
Improper Input Validation
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-26271
reference_id
reference_type
scores
0
value 0.00617
scoring_system epss
scoring_elements 0.70362
published_at 2026-06-05T12:55:00Z
1
value 0.00617
scoring_system epss
scoring_elements 0.7037
published_at 2026-06-06T12:55:00Z
2
value 0.00617
scoring_system epss
scoring_elements 0.7032
published_at 2026-06-04T12:55:00Z
3
value 0.00617
scoring_system epss
scoring_elements 0.70353
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-26271
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24729
reference_id
reference_type
scores
0
value 0.01115
scoring_system epss
scoring_elements 0.78532
published_at 2026-06-04T12:55:00Z
1
value 0.01115
scoring_system epss
scoring_elements 0.78557
published_at 2026-06-07T12:55:00Z
2
value 0.01115
scoring_system epss
scoring_elements 0.78566
published_at 2026-06-06T12:55:00Z
3
value 0.01115
scoring_system epss
scoring_elements 0.78558
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24729
2
reference_url https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
reference_id
reference_type
scores
url https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
3
reference_url https://ckeditor.com/cke4/release/CKEditor-4.18.0
reference_id
reference_type
scores
url https://ckeditor.com/cke4/release/CKEditor-4.18.0
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729
6
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
7
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416
8
reference_url https://github.com/ckeditor/ckeditor4/blob/master/CHANGES.md#ckeditor-416
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/master/CHANGES.md#ckeditor-416
9
reference_url https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
10
reference_url https://www.drupal.org/sa-core-2022-005
reference_id
reference_type
scores
url https://www.drupal.org/sa-core-2022-005
11
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
12
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
reference_id 982587
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-26271
reference_id CVE-2021-26271
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-26271
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24729
reference_id CVE-2022-24729
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-24729
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
reference_id GHSA-f6rf-9m92-x2hh
reference_type
scores
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
17
reference_url https://github.com/advisories/GHSA-jv4c-7jqq-m34x
reference_id GHSA-jv4c-7jqq-m34x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jv4c-7jqq-m34x
fixed_packages
0
url pkg:npm/ckeditor4@4.18.0
purl pkg:npm/ckeditor4@4.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mmd-x6ge-fuaw
1
vulnerability VCID-2x4x-gkb7-u3b8
2
vulnerability VCID-3ze6-frgs-bqc6
3
vulnerability VCID-dhra-m93g-tucw
4
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.18.0
aliases CVE-2021-26271, CVE-2022-24729, GHSA-f6rf-9m92-x2hh, GHSA-jv4c-7jqq-m34x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nbt-ysxu-d3bu
2
url VCID-2x4x-gkb7-u3b8
vulnerability_id VCID-2x4x-gkb7-u3b8
summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ckeditor4.
references
0
reference_url https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
reference_id
reference_type
scores
url https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
1
reference_url https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditor
reference_id
reference_type
scores
url https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditor
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4771
reference_id CVE-2023-4771
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4771
3
reference_url https://github.com/advisories/GHSA-wh5w-82f3-wrxh
reference_id GHSA-wh5w-82f3-wrxh
reference_type
scores
url https://github.com/advisories/GHSA-wh5w-82f3-wrxh
4
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-wh5w-82f3-wrxh
reference_id GHSA-wh5w-82f3-wrxh
reference_type
scores
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-wh5w-82f3-wrxh
fixed_packages
0
url pkg:npm/ckeditor4@4.24.0-lts
purl pkg:npm/ckeditor4@4.24.0-lts
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.24.0-lts
aliases GHSA-wh5w-82f3-wrxh, GMS-2024-140
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2x4x-gkb7-u3b8
3
url VCID-3ze6-frgs-bqc6
vulnerability_id VCID-3ze6-frgs-bqc6
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users of CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24816
reference_id
reference_type
scores
0
value 0.3983
scoring_system epss
scoring_elements 0.97405
published_at 2026-06-05T12:55:00Z
1
value 0.3983
scoring_system epss
scoring_elements 0.97407
published_at 2026-06-07T12:55:00Z
2
value 0.3983
scoring_system epss
scoring_elements 0.97406
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24816
1
reference_url https://ckeditor.com/cke4/addon/preview
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T20:41:03Z/
url https://ckeditor.com/cke4/addon/preview
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24816
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24816
3
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
4
reference_url https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T20:41:03Z/
url https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24816
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24816
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063536
reference_id 1063536
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063536
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063537
reference_id 1063537
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063537
8
reference_url https://github.com/advisories/GHSA-mw2c-vx6j-mg76
reference_id GHSA-mw2c-vx6j-mg76
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mw2c-vx6j-mg76
9
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76
reference_id GHSA-mw2c-vx6j-mg76
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T20:41:03Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76
10
reference_url https://usn.ubuntu.com/7258-1/
reference_id USN-7258-1
reference_type
scores
url https://usn.ubuntu.com/7258-1/
fixed_packages
0
url pkg:npm/ckeditor4@4.24.0-lts
purl pkg:npm/ckeditor4@4.24.0-lts
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.24.0-lts
aliases CVE-2024-24816, GHSA-mw2c-vx6j-mg76
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ze6-frgs-bqc6
4
url VCID-6xfu-dm97-nkg4
vulnerability_id VCID-6xfu-dm97-nkg4
summary cross-site scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
reference_id
reference_type
scores
0
value 0.00106
scoring_system epss
scoring_elements 0.28223
published_at 2026-06-07T12:55:00Z
1
value 0.00106
scoring_system epss
scoring_elements 0.28265
published_at 2026-06-06T12:55:00Z
2
value 0.00106
scoring_system epss
scoring_elements 0.28315
published_at 2026-06-05T12:55:00Z
3
value 0.00128
scoring_system epss
scoring_elements 0.31709
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41165
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
4
reference_url https://www.drupal.org/sa-core-2021-011
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-011
5
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
6
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
7
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id 999909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
10
reference_url https://security.archlinux.org/AVG-2565
reference_id AVG-2565
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2565
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
reference_id CVE-2021-41165
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41165
12
reference_url https://github.com/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h26-63m7-qhf2
13
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
reference_id GHSA-7h26-63m7-qhf2
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
fixed_packages
0
url pkg:npm/ckeditor4@4.17.0
purl pkg:npm/ckeditor4@4.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mmd-x6ge-fuaw
1
vulnerability VCID-2nbt-ysxu-d3bu
2
vulnerability VCID-2x4x-gkb7-u3b8
3
vulnerability VCID-3ze6-frgs-bqc6
4
vulnerability VCID-dhra-m93g-tucw
5
vulnerability VCID-fm9y-ujc1-qbaq
6
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.17.0
aliases CVE-2021-41165, GHSA-7h26-63m7-qhf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6xfu-dm97-nkg4
5
url VCID-cbgv-19kg-z7a9
vulnerability_id VCID-cbgv-19kg-z7a9
summary cross-site scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41164
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.23008
published_at 2026-06-05T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.22927
published_at 2026-06-04T12:55:00Z
2
value 0.00076
scoring_system epss
scoring_elements 0.2295
published_at 2026-06-07T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22994
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41164
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41164
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
8
reference_url https://www.drupal.org/sa-core-2021-011
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-011
9
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
reference_id 999909
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
13
reference_url https://security.archlinux.org/AVG-2565
reference_id AVG-2565
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2565
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41164
reference_id CVE-2021-41164
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41164
15
reference_url https://github.com/advisories/GHSA-pvmx-g8h5-cprj
reference_id GHSA-pvmx-g8h5-cprj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pvmx-g8h5-cprj
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
reference_id GHSA-pvmx-g8h5-cprj
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj
fixed_packages
0
url pkg:npm/ckeditor4@4.17.0
purl pkg:npm/ckeditor4@4.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mmd-x6ge-fuaw
1
vulnerability VCID-2nbt-ysxu-d3bu
2
vulnerability VCID-2x4x-gkb7-u3b8
3
vulnerability VCID-3ze6-frgs-bqc6
4
vulnerability VCID-dhra-m93g-tucw
5
vulnerability VCID-fm9y-ujc1-qbaq
6
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.17.0
aliases CVE-2021-41164, GHSA-pvmx-g8h5-cprj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbgv-19kg-z7a9
6
url VCID-dhra-m93g-tucw
vulnerability_id VCID-dhra-m93g-tucw
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in the Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content that bypasses the Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24815
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37809
published_at 2026-06-07T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.3784
published_at 2026-06-06T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.37837
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24815
1
reference_url https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata
2
reference_url https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html
3
reference_url https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24815
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24815
5
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
6
reference_url https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
7
reference_url https://www.drupal.org/sa-contrib-2024-009
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://www.drupal.org/sa-contrib-2024-009
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063536
reference_id 1063536
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063536
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063537
reference_id 1063537
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063537
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24815
reference_id CVE-2024-24815
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24815
11
reference_url https://github.com/advisories/GHSA-fq6h-4g8v-qqvm
reference_id GHSA-fq6h-4g8v-qqvm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fq6h-4g8v-qqvm
12
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm
reference_id GHSA-fq6h-4g8v-qqvm
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-08T16:41:58Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm
13
reference_url https://usn.ubuntu.com/7258-1/
reference_id USN-7258-1
reference_type
scores
url https://usn.ubuntu.com/7258-1/
fixed_packages
0
url pkg:npm/ckeditor4@4.24.0-lts
purl pkg:npm/ckeditor4@4.24.0-lts
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.24.0-lts
aliases CVE-2024-24815, GHSA-fq6h-4g8v-qqvm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhra-m93g-tucw
7
url VCID-e4fg-q8d2-pkan
vulnerability_id VCID-e4fg-q8d2-pkan
summary
Cross-site Scripting
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at The problem has been recognized and patched. The fix will be available
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32808
reference_id
reference_type
scores
0
value 0.01368
scoring_system epss
scoring_elements 0.80569
published_at 2026-06-07T12:55:00Z
1
value 0.01368
scoring_system epss
scoring_elements 0.80571
published_at 2026-06-06T12:55:00Z
2
value 0.01368
scoring_system epss
scoring_elements 0.8057
published_at 2026-06-05T12:55:00Z
3
value 0.01368
scoring_system epss
scoring_elements 0.80543
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32808
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32808
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32808
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/releases/tag/4.16.2
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/releases/tag/4.16.2
4
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements
1
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
11
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
12
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992292
reference_id 992292
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992292
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32808
reference_id CVE-2021-32808
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32808
15
reference_url https://github.com/advisories/GHSA-6226-h7ff-ch6c
reference_id GHSA-6226-h7ff-ch6c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6226-h7ff-ch6c
16
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
fixed_packages
0
url pkg:npm/ckeditor4@4.16.2
purl pkg:npm/ckeditor4@4.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mmd-x6ge-fuaw
1
vulnerability VCID-2nbt-ysxu-d3bu
2
vulnerability VCID-2x4x-gkb7-u3b8
3
vulnerability VCID-3ze6-frgs-bqc6
4
vulnerability VCID-6xfu-dm97-nkg4
5
vulnerability VCID-cbgv-19kg-z7a9
6
vulnerability VCID-dhra-m93g-tucw
7
vulnerability VCID-fm9y-ujc1-qbaq
8
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.16.2
aliases CVE-2021-32808, GHSA-6226-h7ff-ch6c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4fg-q8d2-pkan
8
url VCID-fm9y-ujc1-qbaq
vulnerability_id VCID-fm9y-ujc1-qbaq
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24728
reference_id
reference_type
scores
0
value 0.00994
scoring_system epss
scoring_elements 0.77271
published_at 2026-06-04T12:55:00Z
1
value 0.00994
scoring_system epss
scoring_elements 0.773
published_at 2026-06-07T12:55:00Z
2
value 0.00994
scoring_system epss
scoring_elements 0.77311
published_at 2026-06-06T12:55:00Z
3
value 0.00994
scoring_system epss
scoring_elements 0.77301
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24728
1
reference_url https://ckeditor.com/cke4/release/CKEditor-4.18.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://ckeditor.com/cke4/release/CKEditor-4.18.0
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24728
3
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
4
reference_url https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
9
reference_url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4
10
reference_url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/
reference_id
reference_type
scores
url https://securitylab.github.com/advisories/GHSL-2022-009_ckeditor4/
11
reference_url https://www.drupal.org/sa-core-2022-005
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://www.drupal.org/sa-core-2022-005
12
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://www.oracle.com/security-alerts/cpujul2022.html
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24728
reference_id CVE-2022-24728
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24728
15
reference_url https://github.com/advisories/GHSA-4fc4-4p5g-6w89
reference_id GHSA-4fc4-4p5g-6w89
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fc4-4p5g-6w89
16
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
reference_id GHSA-4fc4-4p5g-6w89
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
17
reference_url https://usn.ubuntu.com/7258-1/
reference_id USN-7258-1
reference_type
scores
url https://usn.ubuntu.com/7258-1/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
reference_id VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VR76VBN5GW5QUBJFHVXRX36UZ6YTCMW6/
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
reference_id WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:08:59Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOZGMCYDB2OKKULFXZKM6V7JJW4ZZHJP/
fixed_packages
0
url pkg:npm/ckeditor4@4.18.0
purl pkg:npm/ckeditor4@4.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mmd-x6ge-fuaw
1
vulnerability VCID-2x4x-gkb7-u3b8
2
vulnerability VCID-3ze6-frgs-bqc6
3
vulnerability VCID-dhra-m93g-tucw
4
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.18.0
aliases CVE-2022-24728, GHSA-4fc4-4p5g-6w89
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fm9y-ujc1-qbaq
9
url VCID-jwb5-yddw-7yc7
vulnerability_id VCID-jwb5-yddw-7yc7
summary
Code Injection
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed abuse of the paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32809
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.4679
published_at 2026-06-06T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.46721
published_at 2026-06-04T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46772
published_at 2026-06-07T12:55:00Z
3
value 0.00236
scoring_system epss
scoring_elements 0.46787
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32809
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32809
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements
1
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
10
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
11
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992291
reference_id 992291
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992291
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32809
reference_id CVE-2021-32809
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32809
14
reference_url https://github.com/advisories/GHSA-7889-rm5j-hpgg
reference_id GHSA-7889-rm5j-hpgg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7889-rm5j-hpgg
15
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
16
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
0
url pkg:npm/ckeditor4@4.16.2
purl pkg:npm/ckeditor4@4.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mmd-x6ge-fuaw
1
vulnerability VCID-2nbt-ysxu-d3bu
2
vulnerability VCID-2x4x-gkb7-u3b8
3
vulnerability VCID-3ze6-frgs-bqc6
4
vulnerability VCID-6xfu-dm97-nkg4
5
vulnerability VCID-cbgv-19kg-z7a9
6
vulnerability VCID-dhra-m93g-tucw
7
vulnerability VCID-fm9y-ujc1-qbaq
8
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.16.2
aliases CVE-2021-32809, GHSA-7889-rm5j-hpgg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwb5-yddw-7yc7
10
url VCID-x4h6-xdj1-ebeu
vulnerability_id VCID-x4h6-xdj1-ebeu
summary
Cross-site Scripting
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed injection of malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at The problem has been recognized and patched.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37695
reference_id
reference_type
scores
0
value 0.0074
scoring_system epss
scoring_elements 0.73283
published_at 2026-06-04T12:55:00Z
1
value 0.0074
scoring_system epss
scoring_elements 0.73311
published_at 2026-06-07T12:55:00Z
2
value 0.0074
scoring_system epss
scoring_elements 0.73325
published_at 2026-06-06T12:55:00Z
3
value 0.0074
scoring_system epss
scoring_elements 0.73319
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37695
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37695
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37695
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
4
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc
5
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992290
reference_id 992290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992290
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37695
reference_id CVE-2021-37695
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37695
16
reference_url https://github.com/advisories/GHSA-m94c-37g6-cjhc
reference_id GHSA-m94c-37g6-cjhc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m94c-37g6-cjhc
17
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
18
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
0
url pkg:npm/ckeditor4@4.16.2
purl pkg:npm/ckeditor4@4.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mmd-x6ge-fuaw
1
vulnerability VCID-2nbt-ysxu-d3bu
2
vulnerability VCID-2x4x-gkb7-u3b8
3
vulnerability VCID-3ze6-frgs-bqc6
4
vulnerability VCID-6xfu-dm97-nkg4
5
vulnerability VCID-cbgv-19kg-z7a9
6
vulnerability VCID-dhra-m93g-tucw
7
vulnerability VCID-fm9y-ujc1-qbaq
8
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.16.2
aliases CVE-2021-37695, GHSA-m94c-37g6-cjhc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4h6-xdj1-ebeu
11
url VCID-zpr3-15yc-gfcn
vulnerability_id VCID-zpr3-15yc-gfcn
summary
Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
### Affected packages
The vulnerability has been discovered in [Code Snippet GeSHi](https://ckeditor.com/cke4/addon/codesnippetgeshi) plugin. All integrators that use [GeSHi syntax highlighter](https://github.com/GeSHi/geshi-1.0) on the backend side can be affected.

### Impact
A potential vulnerability has been discovered in CKEditor 4 [Code Snippet GeSHi](https://ckeditor.com/cke4/addon/codesnippetgeshi) plugin. The vulnerability allowed a reflected XSS attack by exploiting a flaw in the [GeSHi syntax highlighter library](https://github.com/GeSHi/geshi-1.0) hosted by the victim.

The GeSHi library was included as a vendor dependency in CKEditor 4 source files. In a specific scenario, an attacker could craft a malicious script that could be executed by sending a request to the GeSHi library hosted on a PHP web server.

### Patches

The [GeSHi library](https://github.com/GeSHi/geshi-1.0) is no longer actively maintained. Due to the lack of ongoing support and updates, potential security vulnerabilities have been identified with its continued use. To mitigate these risks and enhance the overall security of CKEditor 4, we have decided to completely remove the GeSHi library as a dependency. This change aims to maintain a secure environment and reduce the risk of any security incidents related to outdated or unsupported software.

To integrators who still want to use the GeSHi syntax highlighter, we recommend manually adding the [GeSHi library](https://github.com/GeSHi/geshi-1.0). Please be aware of and understand the potential security vulnerabilities associated with its use.

The fix is available in version 4.25.0-lts.

### Acknowledgements

The CKEditor 4 team would like to thank [Jiasheng He](https://github.com/Hebing123) from Qihoo 360 for recognizing and reporting this vulnerability.

### For more information

Email us at [security@cksource.com](mailto:security@cksource.com) if you have any questions or comments about this advisory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43407
reference_id
reference_type
scores
0
value 0.01847
scoring_system epss
scoring_elements 0.83361
published_at 2026-06-05T12:55:00Z
1
value 0.01847
scoring_system epss
scoring_elements 0.8336
published_at 2026-06-07T12:55:00Z
2
value 0.01847
scoring_system epss
scoring_elements 0.83364
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43407
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43407
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43407
2
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
3
reference_url https://github.com/ckeditor/ckeditor4/commit/71072c9f7f263329841bd38e7e5309074c82ef94
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T19:12:17Z/
url https://github.com/ckeditor/ckeditor4/commit/71072c9f7f263329841bd38e7e5309074c82ef94
4
reference_url https://github.com/ckeditor/ckeditor4/commit/951e7d75fcbcaa2590b0719fb0bb0dd0539ca6fa
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T19:12:17Z/
url https://github.com/ckeditor/ckeditor4/commit/951e7d75fcbcaa2590b0719fb0bb0dd0539ca6fa
5
reference_url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7r32-vfj5-c2jv
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T19:12:17Z/
url https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7r32-vfj5-c2jv
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083192
reference_id 1083192
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083192
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43407
reference_id CVE-2024-43407
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43407
8
reference_url https://github.com/advisories/GHSA-7r32-vfj5-c2jv
reference_id GHSA-7r32-vfj5-c2jv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7r32-vfj5-c2jv
fixed_packages
0
url pkg:npm/ckeditor4@4.25.0
purl pkg:npm/ckeditor4@4.25.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.25.0
aliases CVE-2024-43407, GHSA-7r32-vfj5-c2jv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpr3-15yc-gfcn
Fixing_vulnerabilities
0
url VCID-8rwx-uyv9-e3ee
vulnerability_id VCID-8rwx-uyv9-e3ee
summary cross-site scripting
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-33829
reference_id
reference_type
scores
0
value 0.65532
scoring_system epss
scoring_elements 0.98512
published_at 2026-06-06T12:55:00Z
1
value 0.65532
scoring_system epss
scoring_elements 0.98509
published_at 2026-06-04T12:55:00Z
2
value 0.65532
scoring_system epss
scoring_elements 0.98513
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-33829
1
reference_url https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829
3
reference_url https://github.com/ckeditor/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ckeditor/ckeditor4
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
13
reference_url https://www.drupal.org/sa-core-2021-003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.drupal.org/sa-core-2021-003
14
reference_url https://www.npmjs.com/package/ckeditor4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/ckeditor4
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
16
reference_url https://security.archlinux.org/ASA-202106-35
reference_id ASA-202106-35
reference_type
scores
url https://security.archlinux.org/ASA-202106-35
17
reference_url https://security.archlinux.org/AVG-2069
reference_id AVG-2069
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2069
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-33829
reference_id CVE-2021-33829
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-33829
19
reference_url https://github.com/advisories/GHSA-rgx6-rjj4-c388
reference_id GHSA-rgx6-rjj4-c388
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rgx6-rjj4-c388
20
reference_url https://usn.ubuntu.com/5340-1/
reference_id USN-5340-1
reference_type
scores
url https://usn.ubuntu.com/5340-1/
21
reference_url https://usn.ubuntu.com/USN-5340-2/
reference_id USN-USN-5340-2
reference_type
scores
url https://usn.ubuntu.com/USN-5340-2/
fixed_packages
0
url pkg:npm/ckeditor4@4.16.1
purl pkg:npm/ckeditor4@4.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2mmd-x6ge-fuaw
1
vulnerability VCID-2nbt-ysxu-d3bu
2
vulnerability VCID-2x4x-gkb7-u3b8
3
vulnerability VCID-3ze6-frgs-bqc6
4
vulnerability VCID-6xfu-dm97-nkg4
5
vulnerability VCID-cbgv-19kg-z7a9
6
vulnerability VCID-dhra-m93g-tucw
7
vulnerability VCID-e4fg-q8d2-pkan
8
vulnerability VCID-fm9y-ujc1-qbaq
9
vulnerability VCID-jwb5-yddw-7yc7
10
vulnerability VCID-x4h6-xdj1-ebeu
11
vulnerability VCID-zpr3-15yc-gfcn
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.16.1
aliases CVE-2021-33829, GHSA-rgx6-rjj4-c388
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8rwx-uyv9-e3ee
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.16.1