CVE-2021-41165

medium

Published 2021-11-17 · Modified 2026-03-13

CVSS v3

—

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CVSS v2

—

VIR risk

5.5

Description

HTML comments vulnerability allowing to execute JavaScript code

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-41165

OS	Version	Status	Fixed in
arch		fixed	`9.2.9-1`
debian	bookworm	fixed	`4.19.0+dfsg-1`
debian	bullseye	affected

Ecosystem	Package	Vulnerable	Fixed
RubyGems	ckeditor	`<>= 5.1.2`	`>= 5.1.2`
npm	ckeditor4	`<4.17.0`	`4.17.0`
Packagist	ckeditor/ckeditor	`<4.17.0`	`4.17.0`

Verify integrity in audit chain (admin only). AS-IS.