CVE-2021-41165

Name of the Vulnerable Software and Affected Versions CKEditor 4 versions prior to 4.17.0

Description A vulnerability has been discovered in the core HTML processing module of CKEditor 4, which may affect all plugins used by the editor. This issue allows an attacker to inject malformed comments HTML, bypassing content sanitization, and potentially executing JavaScript code. The problem affects all users using CKEditor 4 at version prior to 4.17.0.

Recommendations For CKEditor 4 versions prior to 4.17.0, update to version 4.17.0 to resolve the issue. As a temporary workaround, consider disabling the HTML processing core module until a patch is available. Restrict access to the editor's plugins to minimize the risk of exploitation. Avoid using the editor until the issue is resolved.