Lucene search
GoogleOSV:GHSA-G78H-PF65-46RVHistoryMay 14, 2022 - 12:56 a.m.
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
2022-05-1400:56:02
Google
osv.dev
14
image plugin
ckeditor
cross-site scripting
vulnerable
remote attackers
arbitrary web script
img element
drupal 8
The Enhanced Image (aka image2) plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, and as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, is vulnerable to cross-site scripting because it allows remote attackers to inject arbitrary web script through a crafted IMG element.
References
www.securityfocus.com/bid/103924
github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2018-9861.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/drupal/drupal/CVE-2018-9861.yaml
nvd.nist.gov/vuln/detail/CVE-2018-9861
www.drupal.org/sa-core-2018-003
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Related
osv
osv
CVE-2018-9861
2018-04-19 17:29:00
ckeditor vulnerabilities
2022-03-22 16:43:31
ckeditor vulnerabilities
2022-03-23 08:57:25
nessus
nessus
CKEditor 4.5.11 < 4.9.2 Enhanced Image Plugin XSS
2018-04-27 00:00:00
Fedora 28 : ckeditor (2019-31ad8a36d8)
2019-03-07 00:00:00
Fedora 27 : drupal8 (2018-1ba93b3144) (Drupalgeddon 2)
2018-05-11 00:00:00
openvas
openvas
Drupal Cross Site Scripting Vulnerability (SA-CORE-2018-003) - Windows
2018-04-19 00:00:00
Drupal Cross Site Scripting Vulnerability (SA-CORE-2018-003) - Linux
2018-04-19 00:00:00
Fedora Update for ckeditor FEDORA-2019-31ad8a36d8
2019-03-07 00:00:00
nvd
nvd
CVE-2018-9861
2018-04-19 17:29:00
friendsofphp
friendsofphp
Moderately critical - Cross Site Scripting
1970-01-01 00:00:00
Moderately critical - Cross Site Scripting
1970-01-01 00:00:00
prion
prion
Cross site scripting
2018-04-19 17:29:00
cvelist
cvelist
CVE-2018-9861
2018-04-19 17:00:00
github
github
ubuntucve
ubuntucve
CVE-2018-9861
2018-04-19 00:00:00
cve
cve
CVE-2018-9861
2018-04-19 17:29:00
fedora
fedora
[SECURITY] Fedora 29 Update: ckeditor-4.11.2-1.fc29
2019-03-06 06:59:00
[SECURITY] Fedora 28 Update: ckeditor-4.11.2-1.fc28
2019-03-06 15:29:01
[SECURITY] Fedora 27 Update: drupal8-8.4.8-1.fc27
2018-05-10 19:13:53
ubuntu
ubuntu
CKEditor vulnerabilities
2022-03-23 00:00:00
CKEditor vulnerabilities
2022-03-22 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2019
2019-07-16 00:00:00