HomePentest-Tools.com Logo

CKEditor < 4.16.2 XSS Vulnerability - Windows CVE-2021-37695

Severity
CVSSv3 Score
5.4
Vulnerability description

CKEditor is prone to a cross-site scripting (XSS) vulnerability.

Risk description

The Fake Objects package allows to inject malformed Fake Objects HTML, which could result in executing JavaScript code.

Recommendation

Update to version 4.16.2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 13, 2021
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available