VDB

CVE-2021-32808

CVE-2021-32808 REJECTED

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.

EPSS 1.37% · 80.6th percentile

Risk Scores

EPSS Score
1.37%
80.6th percentile

Affected Products

VendorProductVersions
Ubuntu:22.04:LTSckeditor0, 4.16.0+dfsg-2

Timeline

  • CVE Published
  • Aug 12, 2021 PoC Published
  • Aug 13, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 8, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 23, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 4, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›