14 matches found
EUVD-2022-3914
Malicious code in bioql PyPI...
Fedora 29 : ckeditor (2019-ae7f274d24)
CKEditor 4.11.2 Fixed Issues : - 2403: Fixed: Styling inline editor initialized inside a table with the Table Selection plugin is causing style leaks. - 2514: Fixed: Pasting table data into inline editor initialized inside a table with the Table Selection plugin inserts pasted content into the...
Fedora 28 : ckeditor (2018-107dbc8cf4)
4.9.2 https://ckeditor.com/cke4/release/CKEditor-4.9.2 Security Updates - Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein. - Issue summary: It was possible to execute XSS inside CKEditor using the tag and specially crafted HTML. Please note that the default...
Drupal 8.5.x < 8.5.2 Enhanced Image Plugin XSS
According to its self-reported version number, the detected Drupal application is affected by a cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Drupal CKEditor Enhanced Image plugin cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. CKEditor is one of the text editors. Enhanced Image (aka image2) is one of the image enhancement plugins. A cross-site scripting vulnerability exists in the Enhanced Image plugin in Drupal...
Fedora 26 : ckeditor (2018-1361f39801)
4.9.2 https://ckeditor.com/cke4/release/CKEditor-4.9.2 Security Updates - Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein. - Issue summary: It was possible to execute XSS inside CKEditor using the tag and specially crafted HTML. Please note that the default...
Fedora 27 : ckeditor (2018-e29c7d10da)
4.9.2 https://ckeditor.com/cke4/release/CKEditor-4.9.2 Security Updates - Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein. - Issue summary: It was possible to execute XSS inside CKEditor using the tag and specially crafted HTML. Please note that the default...
CKEditor 4.5.11 < 4.9.2 Enhanced Image Plugin XSS
The version of CKEditor installed on the remote host is affected by a cross-site scripting vulnerability. The included 'Enhanced Image' plugin causes CKEditor to fail to properly sanitize user-supplied input. A remote, unauthenticated attacker can leverage this issue to inject arbitrary HTML and...
Cross-site Scripting (XSS)
ckeditor-dev is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through the tags. This vulnerability requires the Enhanced Image plugin to be installed...
UBUNTU-CVE-2018-9861
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...
CVE-2018-9861
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...
CVE-2018-9861
Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...
Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately
It's time to update your Drupal websites, once again. For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft. Discovered b...