CKEditor: XSS vulnerability in the Clipboard plugin

Issue date: 13-12-2021
Affects versions: 14.6

Security Issue ID

SECURITY-254

 

Affected Product Version(s)

14.6.3 and previous releases.


Severity 

medium

 

Description

 

 

Impact

A potential vulnerability has been discovered in the CKEditor 4 Clipboard package. The vulnerability allowed abuse of the paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2.

Patches

The problem has been recognized and patched. The fix will be available in version 4.16.2.
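
To check a deployed editor against the range stated above (affected from 4.5.2, fixed in 4.16.2), the following added example, which is not part of the advisory or of CKEditor's own code, compares version strings numerically. The function names and the `pluginNames` argument are hypothetical; `CKEDITOR.version` is the editor's own version property.

```javascript
// Added example: classify a CKEditor 4 version string against the range
// stated in this advisory (affected from 4.5.2, fixed in 4.16.2).
const FIRST_AFFECTED = [4, 5, 2];
const FIRST_FIXED = [4, 16, 2];

// Parse "4.16.1" or "4.16.1 (Standard)" into [4, 16, 1]; null if unparseable.
// The build-name suffix is an assumption about how some builds report it.
function parseVersion(text) {
  const m = /^\s*(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(text));
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

// Numeric, component-wise comparison. A plain string comparison would sort
// "4.16.1" before "4.5.2" and wrongly place it below the affected range.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns "affected", "not-affected" or "unknown".
// pluginNames: names of the loaded plugins (hypothetical input; how you
// collect it depends on your build). Omit it to judge on version alone.
function clipboardXssStatus(versionText, pluginNames) {
  const v = parseVersion(versionText);
  if (!v) return 'unknown';
  if (pluginNames && !pluginNames.includes('clipboard')) return 'not-affected';
  const inRange = compareVersions(v, FIRST_AFFECTED) >= 0 &&
                  compareVersions(v, FIRST_FIXED) < 0;
  return inRange ? 'affected' : 'not-affected';
}

// Constructed sample inputs.
for (const s of ['4.5.1', '4.5.2', '4.16.1 (Standard)', '4.16.2', 'n/a']) {
  console.log(s, '->', clipboardXssStatus(s));
}

// In a page that loads the editor, CKEDITOR.version holds the version string.
if (typeof CKEDITOR !== 'undefined') {
  console.log('this page:', clipboardXssStatus(CKEDITOR.version));
}
```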

 


https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg

See also:
https://ckeditor.com/cke4/release/CKEditor-4.16.2  

https://www.cvedetails.com/cve/CVE-2021-32808/ 

 

Instructions

Customers using the 14.x major versions are recommended to upgrade to the latest version in that series.