VulnerableCode Package Details - pkg:deb/debian/ckeditor@4.16.2%2Bdfsg-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-17pr-6guy-53ge	Cross-site Scripting ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at The problem has been recognized and patched. The fix will be available	CVE-2021-32808 GHSA-6226-h7ff-ch6c
VCID-sd2a-hmu2-wbax	Code Injection ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor.	CVE-2021-32809 GHSA-7889-rm5j-hpgg
VCID-vj35-jtgq-8qbv	Cross-site Scripting ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at The problem has been recognized and patched.	CVE-2021-37695 GHSA-m94c-37g6-cjhc

Vulnerability

Summary

Aliases

VCID-17pr-6guy-53ge

Cross-site Scripting ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at The problem has been recognized and patched. The fix will be available

CVE-2021-32808
GHSA-6226-h7ff-ch6c

VCID-sd2a-hmu2-wbax

Code Injection ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor.

CVE-2021-32809
GHSA-7889-rm5j-hpgg

VCID-vj35-jtgq-8qbv

Cross-site Scripting ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdit The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at The problem has been recognized and patched.

CVE-2021-37695
GHSA-m94c-37g6-cjhc

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T07:21:10.367185+00:00	Debian Importer	Fixing	VCID-vj35-jtgq-8qbv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:10.334246+00:00	Debian Importer	Fixing	VCID-sd2a-hmu2-wbax	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:10.313914+00:00	Debian Importer	Fixing	VCID-17pr-6guy-53ge	https://security-tracker.debian.org/tracker/data/json	38.1.0