PT-2021-6455 · Unknown · Ckeditor 4
Published 2021-07-19 · Updated 2022-03-22 · CVE-2021-32808
CVSS v3.1: 7.6 (High)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
CKEditor 4 versions 4.13.0 through 4.16.1
Description
A vulnerability has been discovered in the clipboard Widget plugin when used alongside the undo feature in CKEditor 4. This issue allows a user to abuse undo functionality using malformed widget HTML, potentially resulting in the execution of JavaScript code. The problem affects all users of the CKEditor 4 plugins at version 4.13.0 and later.
Recommendations
For CKEditor 4 versions 4.13.0 through 4.16.1, update to version 4.16.2 to resolve the issue.
As a temporary workaround, consider disabling the undo feature when using the clipboard Widget plugin until a patch is available.
Fix
XSS
Affected Products
Ckeditor 4
Debian
Linuxmint
Ubuntu