Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/ckeditor@4.4.4%2Bdfsg1-3

Type deb

Namespace debian

Name ckeditor

Version 4.4.4+dfsg1-3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 4.19.1+dfsg-1

Latest_non_vulnerable_version 4.19.1+dfsg-1

Affected_by_vulnerabilities

url VCID-2nbt-ysxu-d3bu

vulnerability_id VCID-2nbt-ysxu-d3bu

summary

Improper Input Validation
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26271

reference_id

reference_type

scores

value	0.00617
scoring_system	epss
scoring_elements	0.7037
published_at	2026-06-06T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.70353
published_at	2026-06-07T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.7032
published_at	2026-06-04T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.70341
published_at	2026-06-08T12:55:00Z

value	0.00617
scoring_system	epss
scoring_elements	0.70362
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26271

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24729

reference_id

reference_type

scores

value	0.01115
scoring_system	epss
scoring_elements	0.78532
published_at	2026-06-04T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78544
published_at	2026-06-08T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78557
published_at	2026-06-07T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78566
published_at	2026-06-06T12:55:00Z

value	0.01115
scoring_system	epss
scoring_elements	0.78558
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24729

reference_url	https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first
reference_id
reference_type
scores
url	https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_url	https://ckeditor.com/cke4/release/CKEditor-4.18.0
reference_id
reference_type
scores
url	https://ckeditor.com/cke4/release/CKEditor-4.18.0

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26271

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24729

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_url

https://github.com/ckeditor/ckeditor4/blob/master/CHANGES.md#ckeditor-416

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/master/CHANGES.md#ckeditor-416

reference_url

https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210128132707/https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_url	https://www.drupal.org/sa-core-2022-005
reference_id
reference_type
scores
url	https://www.drupal.org/sa-core-2022-005

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
reference_id	982587
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-26271

reference_id

CVE-2021-26271

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-26271

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-24729
reference_id	CVE-2022-24729
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-24729

reference_url	https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
reference_id	GHSA-f6rf-9m92-x2hh
reference_type
scores
url	https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh

reference_url

https://github.com/advisories/GHSA-jv4c-7jqq-m34x

reference_id

GHSA-jv4c-7jqq-m34x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jv4c-7jqq-m34x

fixed_packages

url pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2

purl pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nbt-ysxu-d3bu

vulnerability	VCID-6xfu-dm97-nkg4

vulnerability	VCID-cbgv-19kg-z7a9

vulnerability	VCID-e4fg-q8d2-pkan

vulnerability	VCID-fm9y-ujc1-qbaq

vulnerability	VCID-jwb5-yddw-7yc7

vulnerability	VCID-x4h6-xdj1-ebeu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2

url	pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1
purl	pkg:deb/debian/ckeditor@4.19.1%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.19.1%252Bdfsg-1

aliases CVE-2021-26271, CVE-2022-24729, GHSA-f6rf-9m92-x2hh, GHSA-jv4c-7jqq-m34x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2nbt-ysxu-d3bu

url VCID-8rwx-uyv9-e3ee

vulnerability_id VCID-8rwx-uyv9-e3ee

summary cross-site scripting

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-33829

reference_id

reference_type

scores

value	0.65532
scoring_system	epss
scoring_elements	0.98512
published_at	2026-06-06T12:55:00Z

value	0.65532
scoring_system	epss
scoring_elements	0.98509
published_at	2026-06-04T12:55:00Z

value	0.65532
scoring_system	epss
scoring_elements	0.98513
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-33829

reference_url

https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33829

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2021-33829.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2021-33829.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/

reference_url

https://www.drupal.org/sa-core-2021-003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.drupal.org/sa-core-2021-003

reference_url

https://www.npmjs.com/package/ckeditor4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/package/ckeditor4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id	1015217
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217

reference_url	https://security.archlinux.org/ASA-202106-35
reference_id	ASA-202106-35
reference_type
scores
url	https://security.archlinux.org/ASA-202106-35

reference_url

https://security.archlinux.org/AVG-2069

reference_id

AVG-2069

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2069

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-33829

reference_id

CVE-2021-33829

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-33829

reference_url

https://github.com/advisories/GHSA-rgx6-rjj4-c388

reference_id

GHSA-rgx6-rjj4-c388

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rgx6-rjj4-c388

reference_url	https://usn.ubuntu.com/5340-1/
reference_id	USN-5340-1
reference_type
scores
url	https://usn.ubuntu.com/5340-1/

reference_url	https://usn.ubuntu.com/USN-5340-2/
reference_id	USN-USN-5340-2
reference_type
scores
url	https://usn.ubuntu.com/USN-5340-2/

fixed_packages

url pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2

purl pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nbt-ysxu-d3bu

vulnerability	VCID-6xfu-dm97-nkg4

vulnerability	VCID-cbgv-19kg-z7a9

vulnerability	VCID-e4fg-q8d2-pkan

vulnerability	VCID-fm9y-ujc1-qbaq

vulnerability	VCID-jwb5-yddw-7yc7

vulnerability	VCID-x4h6-xdj1-ebeu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2

aliases CVE-2021-33829, GHSA-rgx6-rjj4-c388

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8rwx-uyv9-e3ee

url VCID-mevr-4wd2-gkch

vulnerability_id VCID-mevr-4wd2-gkch

summary

Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
It was possible to execute a ReDoS-type attack inside CKEditor 4 before
4.16 by persuading a victim to paste crafted URL-like text into the editor, and
then press Enter or Space (in the Autolink plugin).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26272

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.66381
published_at	2026-06-04T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66399
published_at	2026-06-08T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66414
published_at	2026-06-07T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.6643
published_at	2026-06-06T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66422
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26272

reference_url

https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/blog/CKEditor-4.16-with-improved-image-pasting-High-Contrast-support-and-a-new-color-API/#security-comes-first

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26272

reference_url

https://github.com/ckeditor/ckeditor4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4

reference_url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-416

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587
reference_id	982587
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982587

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-26272

reference_id

CVE-2021-26272

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-26272

reference_url

https://github.com/advisories/GHSA-wpvm-wqr4-p7cw

reference_id

GHSA-wpvm-wqr4-p7cw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wpvm-wqr4-p7cw

fixed_packages

url pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2

purl pkg:deb/debian/ckeditor@4.16.0%2Bdfsg-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nbt-ysxu-d3bu

vulnerability	VCID-6xfu-dm97-nkg4

vulnerability	VCID-cbgv-19kg-z7a9

vulnerability	VCID-e4fg-q8d2-pkan

vulnerability	VCID-fm9y-ujc1-qbaq

vulnerability	VCID-jwb5-yddw-7yc7

vulnerability	VCID-x4h6-xdj1-ebeu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.16.0%252Bdfsg-2

aliases CVE-2021-26272, GHSA-wpvm-wqr4-p7cw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mevr-4wd2-gkch

url VCID-qxab-9uwr-yqhv

vulnerability_id VCID-qxab-9uwr-yqhv

summary

Cross-site Scripting
CKEditor allows user-assisted XSS involving a source-mode paste.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17960

reference_id

reference_type

scores

value	0.02024
scoring_system	epss
scoring_elements	0.84092
published_at	2026-06-04T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.84102
published_at	2026-06-08T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.84113
published_at	2026-06-07T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.84117
published_at	2026-06-06T12:55:00Z

value	0.02024
scoring_system	epss
scoring_elements	0.84114
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17960

reference_url

https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released

reference_url	https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/
reference_id
reference_type
scores
url	https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/

reference_url

https://ckeditor.com/cke4/release/CKEditor-4.11.0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/cke4/release/CKEditor-4.11.0

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17960
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17960

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2018-005

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2018-005

reference_url

https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id	1015217
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17960

reference_id

CVE-2018-17960

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17960

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml

reference_id

CVE-2018-17960.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml

reference_id

CVE-2018-17960.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml

reference_url

https://github.com/advisories/GHSA-g68x-vvqq-pvw3

reference_id

GHSA-g68x-vvqq-pvw3

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-g68x-vvqq-pvw3

fixed_packages

url pkg:deb/debian/ckeditor@4.11.1%2Bdfsg-1

purl pkg:deb/debian/ckeditor@4.11.1%2Bdfsg-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nbt-ysxu-d3bu

vulnerability	VCID-8rwx-uyv9-e3ee

vulnerability	VCID-mevr-4wd2-gkch

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.11.1%252Bdfsg-1

aliases CVE-2018-17960, GHSA-g68x-vvqq-pvw3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv

Fixing_vulnerabilities

url VCID-yb4n-59y6-efdp

vulnerability_id VCID-yb4n-59y6-efdp

summary

The Preview plugin in CKEditor allows Cross-site scripting (XSS)
Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

references

reference_url

http://ckeditor.com/node/136981

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://ckeditor.com/node/136981

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-5191

reference_id

reference_type

scores

value	0.00359
scoring_system	epss
scoring_elements	0.58393
published_at	2026-06-08T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58361
published_at	2026-06-04T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58408
published_at	2026-06-07T12:55:00Z

value	0.00359
scoring_system	epss
scoring_elements	0.58416
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5191

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5191
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5191

reference_url

https://github.com/ckeditor/ckeditor4/commit/b685874c6bc873a76e6e95916c43840a2b7ab08a

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4/commit/b685874c6bc873a76e6e95916c43840a2b7ab08a

reference_url

https://github.com/ckeditor/ckeditor4-releases

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/ckeditor/ckeditor4-releases

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id	1015217
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760736
reference_id	760736
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760736

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-5191

reference_id

CVE-2014-5191

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5191

reference_url

https://github.com/advisories/GHSA-v27h-j97p-wqmx

reference_id

GHSA-v27h-j97p-wqmx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v27h-j97p-wqmx

fixed_packages

url pkg:deb/debian/ckeditor@4.4.4%2Bdfsg1-3

purl pkg:deb/debian/ckeditor@4.4.4%2Bdfsg1-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2nbt-ysxu-d3bu

vulnerability	VCID-8rwx-uyv9-e3ee

vulnerability	VCID-mevr-4wd2-gkch

vulnerability	VCID-qxab-9uwr-yqhv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.4.4%252Bdfsg1-3

aliases CVE-2014-5191, GHSA-v27h-j97p-wqmx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yb4n-59y6-efdp

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/ckeditor@4.4.4%252Bdfsg1-3

Package Instance