CVE-2021-33829

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-33829
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33829.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-33829
Aliases
Downstream
Published
2021-06-09T12:15:07.863Z
Modified
2026-03-15T13:45:05.546365Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled.

References

Affected packages

Git / github.com/ckeditor/ckeditor-releases

Affected ranges

Type
GIT
Repo
https://github.com/ckeditor/ckeditor-releases
Events
Introduced
0d574568baeddda92f231681ea5aac4860dca4e4
Fixed
a0d9ddd4b80b3dcc1d1bc8c2acc2d43e4c96b660
Database specific 
{
    "versions": [
        {
            "introduced": "4.14.0"
        },
        {
            "fixed": "4.16.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/drupal/drupal
Events
Introduced
a412ca41cfc0d954fe3cb2dd982dc6ca049b1c70
Fixed
1667e06929722a8d913ef989cc00f70a38129d6d
Introduced
d62812dc17ce593beb2ccd4cdbee1a76c95e3fd7
Fixed
ac80ed0600b9437c5959d3293cdbc67be0b7d320
Introduced
5c6f14f762c9aef87cd2731818386f202ee8463c
Fixed
c1b981a183d874efbc3cd211373067b574c8f1cb
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
d62812dc17ce593beb2ccd4cdbee1a76c95e3fd7
Database specific 
{
    "versions": [
        {
            "introduced": "8.9.0"
        },
        {
            "fixed": "8.9.16"
        },
        {
            "introduced": "9.0.0"
        },
        {
            "fixed": "9.0.14"
        },
        {
            "introduced": "9.1.0"
        },
        {
            "fixed": "9.1.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Affected versions

9.*
9.0.0
9.0.1
9.0.10
9.0.11
9.0.12
9.0.13
9.0.2
9.0.3
9.0.5
9.0.6
9.0.7
9.0.8
9.0.9
standard/4.*
standard/4.14.0
standard/4.14.1
standard/4.15.0
standard/4.15.1
standard/4.16.0

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "35"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33829.json"