PT-2021-21815 · Unknown+3 · Ckeditor 4+3

Victor Rodriguez · Published 2021-08-12 · Updated 2022-03-23 · CVE-2021-37695

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.16.2

Description: A vulnerability has been discovered in the CKEditor 4 [Fake Objects] package that allows the injection of malformed Fake Objects HTML, which could result in the execution of JavaScript code. The issue affects all users of the CKEditor 4 plugins that build on Fake Objects, namely [Fake Objects], [Link], [Flash], [Iframe], [Forms], and [Page Break], at versions prior to 4.16.2.

Recommendations: Update CKEditor 4 to version 4.16.2, which resolves the issue. Until the update is applied, disable the [Fake Objects] plugin and avoid using the other affected plugins, and restrict access to them to minimize the risk of exploitation.
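The stop-gap in the recommendations, as an added example that is not part of this advisory or of CKEditor's own code: decide from the running CKEditor 4 version string whether the build predates the fix and, if so, extend the editor configuration's `removePlugins` list with the plugins named above (`fakeobjects`, `link`, `flash`, `iframe`, `forms`, `pagebreak` are CKEditor 4's plugin ids for them). The editor element id `editor1` is assumed.

```javascript
// Added example, not code from the advisory or the CKEditor project.
// Compares a CKEditor 4 version string against the fixed release and builds a
// config that drops the affected plugins until 4.16.2 can be deployed.

const FIXED_VERSION = '4.16.2'; // first release that contains the fix (per the advisory)
// CKEditor 4 plugin ids for the plugins the advisory lists.
const AFFECTED_PLUGINS = ['fakeobjects', 'link', 'flash', 'iframe', 'forms', 'pagebreak'];

function parseVersion(v) {
  // CKEDITOR.version looks like "4.16.1" or "4.16.1 (Standard)"; keep the numeric part only.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error('unrecognised CKEditor version: ' + v);
  return m.slice(1, 4).map(Number);
}

// True when the version is older than 4.16.2 (the advisory's "versions prior to 4.16.2").
function isAffected(version) {
  const a = parseVersion(version);
  const b = parseVersion(FIXED_VERSION);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false; // exactly 4.16.2 is fixed
}

// Returns a copy of baseConfig; on affected versions the affected plugins are
// merged into the comma-separated removePlugins string CKEditor 4 expects.
function stopgapConfig(version, baseConfig = {}) {
  if (!isAffected(version)) return { ...baseConfig };
  const existing = baseConfig.removePlugins
    ? baseConfig.removePlugins.split(',').map((s) => s.trim()).filter(Boolean)
    : [];
  const merged = Array.from(new Set([...existing, ...AFFECTED_PLUGINS]));
  return { ...baseConfig, removePlugins: merged.join(',') };
}

// In a page that has loaded CKEditor 4 (guarded so the module also loads without a browser);
// the element id 'editor1' is an assumption.
if (typeof CKEDITOR !== 'undefined') {
  CKEDITOR.replace('editor1', stopgapConfig(CKEDITOR.version, { height: 300 }));
}
```

Removing `link` and `forms` also removes their toolbar functionality, which is the trade-off the advisory's workaround implies until the editor is updated.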

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-37695
DLA-2813-1
GHSA-M94C-37G6-CJHC
USN-5340-1
USN-5340-2

Affected Products

Ckeditor 4
Debian
Linuxmint
Ubuntu