ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-04T01:23:01.506Z

Reserved: 2021-07-29T00:00:00

Link: CVE-2021-37695

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-13T00:15:07.397

Modified: 2024-11-21T06:15:43.433

Link: CVE-2021-37695

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.