Package "ckeditor"
Name: |
ckeditor
|
Description: |
text editor which can be embedded into web pages
|
Latest version: |
4.12.1+dfsg-1ubuntu0.1 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
universe |
Homepage: |
http://ckeditor.com |
Links
Download "ckeditor"
Other versions of "ckeditor" in Focal
Changelog
ckeditor (4.12.1+dfsg-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: code injection in HTML data processor
- debian/patches/CVE-2021-33829.patch: treat --!> as a valid comment
end tag in core/htmlparser.js
- CVE-2021-33289
- CVE-2020-9281
* SECURITY UPDATE: HTML injection in clipboard plugin
- debian/patches/CVE-2021-32809.patch: clean unwanted characters and
tags from clipboard data in plugins/clipboard/plugin.js
- CVE-2021-32809
* SECURITY UPDATE: code injection through fake objects.
- debian/patches/CVE-2021-37695.patch: perform filtering over the
content used to restore real element in fakeobjects/plugin.js.
- CVE-2021-37695
-- David Fernandez Gonzalez <email address hidden> Fri, 18 Mar 2022 11:27:31 +0100
|
CVE-2021-33829 |
A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to in |
CVE-2021-33289 |
In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for cod |
CVE-2020-9281 |
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web sc |
CVE-2021-32809 |
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](htt |
CVE-2021-37695 |
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects]( |
|
About
-
Send Feedback to @ubuntu_updates