GCVE - cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:node.js:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:node.js:*:*

part: a version: * update: *

Vendor	Ckeditor (`877d65b2-0725-531d-9c90-2100c31f9aea`)
Product	Ckeditor (`8e20798a-efec-508d-98f9-71c4cbfdacad`)
Edition	*
Language	*
Software edition	*
Target software	node.js
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-32809`	vulnerable	2026-06-03 14:44:40.338138	Arbitrary HTML injection vulnerability in ckeditor MEDIUM (4.6) ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. Published: 2021-08-12T17:10:09.000Z Updated: 2024-08-03T23:33:56.090Z Open on db.gcve.eu Reference links https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/ https://www.oracle.com/security-alerts/cpuoct2021.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-32808`	vulnerable	2026-06-03 14:44:40.328110	Cross-site scripting in ckeditor via abuse of undo functionality HIGH (7.6) ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2. Published: 2021-08-12T16:25:10.000Z Updated: 2024-08-03T23:33:55.865Z Open on db.gcve.eu Reference links https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c https://github.com/ckeditor/ckeditor4/releases/tag/4.16.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYA354LJP47KCVJMTUO77ZCX3ZK42G3T/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVOYN2WKDPLKCNILIGEZM236ABQASLGW/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WAGNWHFIQAVCP537KFFS2A2GDG66J7XD/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.