PT-2021-6875 · Unknown+1 · Ckeditor 4+1

Published

2021-11-17

·

Updated

2024-03-06

·

CVE-2021-41164

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

CKEditor 4 versions prior to 4.17.0

Description

The vulnerability lies in the Advanced Content Filter (ACF) module of CKEditor 4, which fails to correctly enforce its restrictions on the HTML structure of edited content. A remote attacker can therefore bypass the configured access restriction policies for HTML elements. Malformed HTML injected this way passes through content sanitization and could result in the execution of JavaScript code in the context of the page.

Recommendations

For versions prior to 4.17.0, update to version 4.17.0 to resolve the issue. As a temporary workaround, consider restricting the use of the Advanced Content Filter (ACF) module until the patch is applied. Avoid using CKEditor 4 versions earlier than 4.17.0 to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-02391
BIT-DRUPAL-2021-41164
CVE-2021-41164
GHSA-PVMX-G8H5-CPRJ

Affected Products

Ckeditor 4
Debian