ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-03T23:33:55.865Z

Reserved: 2021-05-12T00:00:00

Link: CVE-2021-32808

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-12T17:15:08.047

Modified: 2024-11-21T06:07:47.340

Link: CVE-2021-32808

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.