Maurice Dauer

4 exploits, active since Jan 2021
CVE-2021-26271 WRITEUP MEDIUM
CKEditor < 4.16 - Denial of Service
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
CVSS 6.5
CVE-2021-26272 WRITEUP MEDIUM
CKEditor < 4.16 - Denial of Service
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
CVSS 6.5
CVE-2021-41164 WRITEUP HIGH
CKEditor4 < 4.17.0 - XSS
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability has been discovered in the Advanced Content Filter (ACF) module that may affect all plugins used by CKEditor 4. The vulnerability allowed malformed HTML to be injected in a way that bypassed content sanitization, which could result in the execution of JavaScript code. It affects all users of CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
CVSS 8.2
CVE-2021-41165 WRITEUP HIGH
CKEditor4 < 4.17.0 - XSS
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability has been discovered in the core HTML processing module that may affect all plugins used by CKEditor 4. The vulnerability allowed malformed HTML comments to be injected in a way that bypassed content sanitization, which could result in the execution of JavaScript code. It affects all users of CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
CVSS 8.2