VDB
CVE-2021-32808
CVE-2021-32808
REJECTED
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
EPSS 1.37% · 80.6th percentile
Risk Scores
EPSS Score
1.37%
80.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | ckeditor | 0, 4.16.0+dfsg-2 |
Timeline
- CVE Published
- Aug 12, 2021 PoC Published
- Aug 13, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 8, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 23, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32808 third-party-advisory
- https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c third-party-advisory
- https://github.com/ckeditor/ckeditor4/releases/tag/4.16.2 third-party-advisory
- https://ubuntu.com/security/notices/USN-5340-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32808 third-party-advisory