CPE-D16AA431-5108-46BB-84EE-C4DDA2F06652 Detail

CPE Details

CKEditor 4.14.0 for Node.js

Vendor

ckeditor

Product

ckeditor

Version

4.14.0

Created

2021-08-20
15h40 +00:00

Modified

2021-08-23
09h20 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:ckeditor:ckeditor:4.14.0:::::node.js::

Informations

Vendor

ckeditor

Product

ckeditor

Version

4.14.0

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-24816	2024-02-07 16h58 +00:00	CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.	6.1	Medium
CVE-2023-28439	2023-03-22 20h55 +00:00	CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page.</td> <td><div class="badge badge-light-warning" style="font-size:1em">6.1</div></td> <td><div class="badge badge-light-warning" style="font-size:1em;text-transform: uppercase;">Medium</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2022-24728.html'>CVE-2022-24728</a></nobr></td> <td><nobr>2022-03-15<span class='fs-7'> 23h00</span><span class='fs-9'> +00:00</span></nobr></td> <td>CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.</td> <td><div class="badge badge-light-warning" style="font-size:1em">5.4</div></td> <td><div class="badge badge-light-warning" style="font-size:1em;text-transform: uppercase;">Medium</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2022-24729.html'>CVE-2022-24729</a></nobr></td> <td><nobr>2022-03-15<span class='fs-7'> 23h00</span><span class='fs-9'> +00:00</span></nobr></td> <td>CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.</td> <td><div class="badge badge-light-danger" style="font-size:1em">7.5</div></td> <td><div class="badge badge-light-danger" style="font-size:1em;text-transform: uppercase;">High</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2021-41165.html'>CVE-2021-41165</a></nobr></td> <td><nobr>2021-11-17<span class='fs-7'> 18h15</span><span class='fs-9'> +00:00</span></nobr></td> <td>CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.</td> <td><div class="badge badge-light-danger" style="font-size:1em">8.2</div></td> <td><div class="badge badge-light-danger" style="font-size:1em;text-transform: uppercase;">High</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2021-41164.html'>CVE-2021-41164</a></nobr></td> <td><nobr>2021-11-16<span class='fs-7'> 23h00</span><span class='fs-9'> +00:00</span></nobr></td> <td>CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.</td> <td><div class="badge badge-light-danger" style="font-size:1em">8.2</div></td> <td><div class="badge badge-light-danger" style="font-size:1em;text-transform: uppercase;">High</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2021-37695.html'>CVE-2021-37695</a></nobr></td> <td><nobr>2021-08-12<span class='fs-7'> 21h10</span><span class='fs-9'> +00:00</span></nobr></td> <td>ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.</td> <td><div class="badge badge-light-danger" style="font-size:1em">7.3</div></td> <td><div class="badge badge-light-danger" style="font-size:1em;text-transform: uppercase;">High</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2021-32809.html'>CVE-2021-32809</a></nobr></td> <td><nobr>2021-08-12<span class='fs-7'> 15h10</span><span class='fs-9'> +00:00</span></nobr></td> <td>ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.</td> <td><div class="badge badge-light-warning" style="font-size:1em">5.4</div></td> <td><div class="badge badge-light-warning" style="font-size:1em;text-transform: uppercase;">Medium</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2021-32808.html'>CVE-2021-32808</a></nobr></td> <td><nobr>2021-08-12<span class='fs-7'> 14h25</span><span class='fs-9'> +00:00</span></nobr></td> <td>ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.</td> <td><div class="badge badge-light-danger" style="font-size:1em">7.6</div></td> <td><div class="badge badge-light-danger" style="font-size:1em;text-transform: uppercase;">High</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2021-33829.html'>CVE-2021-33829</a></nobr></td> <td><nobr>2021-06-09<span class='fs-7'> 09h51</span><span class='fs-9'> +00:00</span></nobr></td> <td>A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.</td> <td><div class="badge badge-light-warning" style="font-size:1em">6.1</div></td> <td><div class="badge badge-light-warning" style="font-size:1em;text-transform: uppercase;">Medium</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2021-26272.html'>CVE-2021-26272</a></nobr></td> <td><nobr>2021-01-26<span class='fs-7'> 19h39</span><span class='fs-9'> +00:00</span></nobr></td> <td>It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).</td> <td><div class="badge badge-light-warning" style="font-size:1em">6.5</div></td> <td><div class="badge badge-light-warning" style="font-size:1em;text-transform: uppercase;">Medium</div></td> </tr> <tr> <td><nobr><a href='/en/cve/CVE-2021-26271.html'>CVE-2021-26271</a></nobr></td> <td><nobr>2021-01-26<span class='fs-7'> 19h39</span><span class='fs-9'> +00:00</span></nobr></td> <td>It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).</td> <td><div class="badge badge-light-warning" style="font-size:1em">6.5</div></td> <td><div class="badge badge-light-warning" style="font-size:1em;text-transform: uppercase;">Medium</div></td> </tr> </tbody> </table> </div> <div class="separator my-10"></div> </div> </div> </div> </div> </div> </div> <!--end::Container--> <!--begin::Footer--> <div class="footer py-4 d-flex flex-lg-column" id="kt_footer"> <div class="container-xxl d-flex flex-column flex-md-row align-items-center justify-content-between"> <div class="text-gray-900 order-2 order-md-1"> <span class="text-muted fw-semibold me-1">2025©</span> <a href="https://www.tesweb.com" target="_blank" class="text-gray-800 text-hover-primary">tesweb SA</a> </div> <ul class="menu menu-gray-600 menu-hover-primary fw-semibold order-1"> <li class="menu-item"> <a href="/en/official.html" class="menu-link px-2">Database Partners</a> </li> <li class="menu-item"> <a href="/en/gdpr.html" class="menu-link px-2">GDPR</a> </li> <li class="menu-item"> <a href="/en/contact.html" class="menu-link px-2">Contact</a> </li> <li class="menu-item"> <a href="/en/plan-price.html" class="menu-link px-2">Purchase</a> </li> <li class="menu-item"> <a href="https://www.linkedin.com/company/cve-find/" class="menu-link px-2" target="_blank"><img src="/media/social/linkedin.svg" width="40" height="40"/></a> </li> <li class="menu-item"> <a href="https://www.facebook.com/people/CVE-Find-Alert/61561116452093/" class="menu-link px-2" target="_blank"><img src="/media/social/facebook.svg" width="40" height="40"/></a> </li> <li class="menu-item"> <a href="https://x.com/cvefindcom" class="menu-link px-2" target="_blank"><img src="/media/social/twitter.svg" width="40" height="40"/></a> </li> </ul> </div> </div> </div> </div> </div> <!--begin::Javascript--> <script>var hostUrl = "assets/";</script> <!--begin::Global Javascript Bundle(mandatory for all pages)--> <script src="/plugins/global/plugins.bundle.js"></script> <script src="/js/scripts.bundle.js"></script> <!--end::Global Javascript Bundle--> <script src="/js/app/custom.min.js"></script> <script src="/js/app/base.js.php"></script> <!--begin::Vendors Javascript(used for this page only)--> <script src='https://www.cvefind.com/plugins/custom/datatables/datatables.bundle.js'></script> <script src="/js/app/account/manageAlertNeedAccount.min.js"></script> <!--end::Custom Javascript--> <!-- Specific Page JS --> <script> window.GDPR_CONFIG = { ga4_id: "G-BK1SCP8YYK", ads_id: "", crisp_id: "c2aa12b4-4ff3-4ba0-ab93-e73a8d1719e7", crisp_theme: "light_blue", crisp_segment: "cvefind", crisp_lg: "en", clarity_id: "q218yad99s", debug: false }; </script> <script async src="https://www.googletagmanager.com/gtag/js"></script> <script src="/js/cookies-manager.min.js"></script> <script src="/vendor/gdpr/cookiesconsent.min.js"></script> <script> const header_content = "<h2>Cookie Management</h2><p>Customize your cookie preferences to control the information collected and enhance your experience on our site. You can accept or reject each cookie according to your needs.</p>" const footer_content = "<p>Your cookie preferences can be changed at any time through this interface.</p>" const message_main = "<p>This site uses cookies, including third-party cookies, for various purposes, such as statistical analysis and enhancing your user experience. You have the option to configure the use of each category of cookies individually according to your preferences.</p>" const cc = CookiesConsentJS({ expirationDays: 365, buttons : ["reject", "accept", "settings", "dismiss"], content : { title : "This Website uses cookies!", message : message_main, policy : "Privacy Policy", policyLink : "/en/gdpr.html", btnAccept: "Accept all cookies", btnReject: "Reject all cookies", btnSettings: "Configure cookies", btnDismiss: "Cookies", btnSettingsSelectAll: "Select all", btnSettingsUnselectAll: "Unselect all", btnSettingsAccept: "Accept selection", settingsHeader: header_content, settingsFooter: footer_content, }, cookies: { statistics: { name: "rgpdGoogleAnalytics", title: "Statistics - Google Analytics", description: "<p>The cookies used by Google Analytics allow us to measure the traffic and/or audience of our website, analyze the visited pages, and evaluate the interactions performed. If you refuse these cookies, the data will be anonymized and used solely for statistical purposes without allowing individual identification.</p>", }, crisp: { name: "rgpdCrisp", title: "Chat - Crisp", description: "<p>Crisp is a live chat tool integrated into this site, allowing real-time communication with our team to answer your questions or assist you. This tool may collect information such as your IP address, browsing data, or the messages you send, in order to improve the quality of our interactions and better address your needs.</p>", }, clarity: { name: "rgpdClarity", title: "Chat - Crisp", description: "<p>Clarity.ms is an analytics tool offered by Microsoft, designed to understand and optimize the user experience on a website. It collects anonymized data on visitor behavior, such as clicks, scrolling, or interaction areas. This information helps identify areas for improvement to make the site more intuitive and efficient.</p>", }, preferences: { name: "rgpdPreferences", title: "Preference cookies", description: "<p>Session and configuration cookies are essential for the proper functioning of this site. They allow, for example, maintaining your login, remembering your preferences, or ensuring the security of interactions. These cookies do not collect personal data for advertising purposes and cannot be disabled, as they are necessary to ensure an optimal user experience and the technical operation of the site.</p>", checked: true, disabled: true, }, }, callback: { first_load: "cookieManager.first_load", accept: "cookieManager.accept", reject: "cookieManager.reject", load: "cookieManager.load" } }); </script> <!--end::Javascript--> </body> </html> <script src="/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js" data-cf-settings="463f678cf48e16005b85f880-\|49" defer></script>

CKEditor 4.14.0 for Node.js

CPE Details

CPE Name: cpe:2.3:a:ckeditor:ckeditor:4.14.0:*:*:*:*:node.js:*:*

Informations

Vendor

Product

Version

Target Software

Related CVE

CPE Name: cpe:2.3:a:ckeditor:ckeditor:4.14.0:::::node.js::