{"url":"http://public2.vulnerablecode.io/api/packages/57030?format=json","purl":"pkg:npm/ckeditor4@4.13.0","type":"npm","namespace":"","name":"ckeditor4","version":"4.13.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.16.2","latest_non_vulnerable_version":"4.24.0-lts","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41306?format=json","vulnerability_id":"VCID-e4fg-q8d2-pkan","summary":"Cross-site Scripting\nckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users of the CKEditor 4 plugins named above. The problem has been recognized and patched; the fix is available in version 4.16.2.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32808","reference_id":"CVE-2021-32808","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32808"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58681?format=json","purl":"pkg:npm/ckeditor4@4.16.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.16.2"}],"aliases":["CVE-2021-32808","GHSA-6226-h7ff-ch6c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4fg-q8d2-pkan"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40440?format=json","vulnerability_id":"VCID-qxab-9uwr-yqhv","summary":"Cross-site Scripting\nCKEditor allows user-assisted XSS involving a source-mode 
paste.","references":[{"reference_url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/","reference_id":"","reference_type":"","scores":[],"url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"},{"reference_url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0","reference_id":"","reference_type":"","scores":[],"url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005"},{"reference_url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960","reference_id":"CVE-2018-17960","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3","reference_id":"GHSA-g68x
-vvqq-pvw3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57030?format=json","purl":"pkg:npm/ckeditor4@4.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e4fg-q8d2-pkan"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.13.0"}],"aliases":["CVE-2018-17960","GHSA-g68x-vvqq-pvw3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/ckeditor4@4.13.0"}