VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-d8yr-5fqs-y3b1

Essentials
Severities (20)
References (13)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-d8yr-5fqs-y3b1
Aliases	CVE-2021-41165 GHSA-7h26-63m7-qhf2
Summary	cross-site scripting
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

System	Score	Found at
epss	0.00123	https://api.first.org/data/v1/epss?cve=CVE-2021-41165
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-7h26-63m7-qhf2
cvssv3.1	8.2	https://github.com/ckeditor/ckeditor4
generic_textual	HIGH	https://github.com/ckeditor/ckeditor4
cvssv3.1	8.2	https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
generic_textual	HIGH	https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
cvssv3.1	8.2	https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
cvssv3.1_qr	HIGH	https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
generic_textual	HIGH	https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
cvssv3.1	8.2	https://nvd.nist.gov/vuln/detail/CVE-2021-41165
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2021-41165
archlinux	Medium	https://security.archlinux.org/AVG-2565
cvssv3.1	8.2	https://www.drupal.org/sa-core-2021-011
generic_textual	HIGH	https://www.drupal.org/sa-core-2021-011
cvssv3.1	8.2	https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpuapr2022.html
cvssv3.1	8.2	https://www.oracle.com/security-alerts/cpujan2022.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpujan2022.html
cvssv3.1	8.2	https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual	HIGH	https://www.oracle.com/security-alerts/cpujul2022.html

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2021-41165
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41165
		https://github.com/ckeditor/ckeditor4
		https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417
		https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2
		https://nvd.nist.gov/vuln/detail/CVE-2021-41165
		https://www.drupal.org/sa-core-2021-011
		https://www.oracle.com/security-alerts/cpuapr2022.html
		https://www.oracle.com/security-alerts/cpujan2022.html
		https://www.oracle.com/security-alerts/cpujul2022.html
999909		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999909
AVG-2565		https://security.archlinux.org/AVG-2565
GHSA-7h26-63m7-qhf2		https://github.com/advisories/GHSA-7h26-63m7-qhf2

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L Found at https://github.com/ckeditor/ckeditor4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L Found at https://github.com/ckeditor/ckeditor4/blob/major/CHANGES.md#ckeditor-417

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L Found at https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-41165

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L Found at https://www.drupal.org/sa-core-2021-011

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L Found at https://www.oracle.com/security-alerts/cpuapr2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L Found at https://www.oracle.com/security-alerts/cpujan2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L Found at https://www.oracle.com/security-alerts/cpujul2022.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.32408
EPSS Score	0.00123
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T11:54:16.898022+00:00	Arch Linux Importer	Import	https://security.archlinux.org/AVG-2565	36.1.3