Maurice Dauer

4 exploits, active since Jan 2021
CVE-2021-26271 WRITEUP MEDIUM
CKEditor 4 < 4.16 - Regular Expression Denial of Service via Styles Input Dialog
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
CVSS 6.5
CVE-2021-26272 WRITEUP MEDIUM
CKEditor 4.0-4.15 - Regular Expression Denial of Service via Autolink Plugin
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
CVSS 6.5
CVE-2021-41164 WRITEUP HIGH
CKEditor 4 < 4.17.0 - Stored Cross-Site Scripting via Advanced Content Filter Bypass
CKEditor 4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability was discovered in the Advanced Content Filter (ACF) module that may affect all plugins used by CKEditor 4. The vulnerability allowed malformed HTML to be injected, bypassing content sanitization, which could result in the execution of JavaScript code. It affects all users of CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
CVSS 8.2
CVE-2021-41165 WRITEUP HIGH
CKEditor < 4.17.0 - Stored Cross-Site Scripting via Malformed HTML Comment Bypass
CKEditor 4 is an open source WYSIWYG HTML editor. In affected versions, a vulnerability was discovered in the core HTML processing module that may affect all plugins used by CKEditor 4. The vulnerability allowed malformed HTML comments to be injected, bypassing content sanitization, which could result in the execution of JavaScript code. It affects all users of CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.
CVSS 8.2