VYPR
Moderate severityNVD Advisory· Published Jun 9, 2021· Updated Aug 3, 2024

CVE-2021-33829

CVE-2021-33829

Description

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
ckeditor4npm
>= 4.14.0, < 4.16.14.16.1
drupal/corePackagist
>= 7.0.0, < 7.807.80
drupal/corePackagist
>= 8.0.0, < 8.9.168.9.16
drupal/corePackagist
>= 9.0.0, < 9.0.149.0.14
drupal/corePackagist
>= 9.1.0, < 9.1.99.1.9
drupal/drupalPackagist
>= 7.0.0, < 7.807.80
drupal/drupalPackagist
>= 8.0.0, < 8.9.168.9.16
drupal/drupalPackagist
>= 9.0.0, < 9.0.149.0.14
drupal/drupalPackagist
>= 9.1.0, < 9.1.99.1.9

Affected products

5

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.