 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.117501 |
| Category: | Web application abuses |
| Title: | CKEditor 4.0 < 4.16.1 XSS Vulnerability - Windows |
| Summary: | CKEditor is prone to a cross-site scripting (XSS) vulnerability. |
| Description: | Summary: CKEditor is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: An XSS vulnerability in the HTML Data Processor in CKEditor allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. Affected Software/OS: CKEditor version 4.0 through 4.16.0. Solution: Update to version 4.16.1 or later CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-33829 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/ https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser https://lists.debian.org/debian-lts-announce/2021/11/msg00007.html |
| Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |