Lucene search

CVE-2018-9861

🗓️ 19 Apr 2018 17:00:29Reported by [email protected]Type

XSS vulnerability in CKEditor Enhanced Image plugin allows remote script injection

Reporter	Title	Published	Views	Family All 41
Tenable Nessus	CKEditor 4.5.11 < 4.9.2 Enhanced Image Plugin XSS	27 Apr 201800:00	–	nessus
Tenable Nessus	Fedora 28 : ckeditor (2019-31ad8a36d8)	7 Mar 201900:00	–	nessus
Tenable Nessus	Fedora 28 : drupal8 (2018-8fd924a53d) (Drupalgeddon 2)	3 Jan 201900:00	–	nessus
Tenable Nessus	Fedora 27 : drupal8 (2018-1ba93b3144) (Drupalgeddon 2)	11 May 201800:00	–	nessus
Tenable Nessus	Fedora 29 : ckeditor (2019-ae7f274d24)	6 Mar 201900:00	–	nessus
Tenable Nessus	Ubuntu 16.04 ESM : CKEditor vulnerabilities (USN-5340-2)	23 Oct 202300:00	–	nessus
Tenable Nessus	Ubuntu 18.04 LTS / 20.04 LTS : CKEditor vulnerabilities (USN-5340-1)	22 Mar 202200:00	–	nessus
OSV	CVE-2018-9861	19 Apr 201817:29	–	osv
OSV	Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)	14 May 202200:56	–	osv
OSV	ckeditor vulnerabilities	22 Mar 202216:43	–	osv

Nvd

Node

ckeditor enhanced_imageRange4.5.10–4.9.2ckeditor

Node

drupal drupalRange8.0.0–8.4.7

drupal drupalRange8.5.0–8.5.2

Source	Link
securityfocus	www.securityfocus.com/bid/103924
oracle	www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
github	www.github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md
drupal	www.drupal.org/sa-core-2018-003

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Apr 2018 17:29Current

6.2Medium risk

Vulners AI Score6.2

CVSS24.3

CVSS36.1

EPSS0.00164

CWE-79