EUVD-2022-3914

Malicious code in bioql PyPI...

Drupal 8.5.x < 8.5.2 Enhanced Image Plugin XSS

According to its self-reported version number, the detected Drupal application is affected by a cross-site scripting XSS vulnerability in the Enhanced Image aka image2 plugin for CKEditor. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CKEditor 4.5.11 < 4.9.2 Enhanced Image Plugin XSS

The version of CKEditor installed on the remote host is affected by a cross-site scripting vulnerability. The included 'Enhanced Image' plugin causes CKEditor to fail to properly sanitize user-supplied input. A remote, unauthenticated attacker can leverage this issue to inject arbitrary HTML and...

Cross-site Scripting (XSS)

ckeditor-dev is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the tags. This vulnerability requires the Enhanced Image plugin to be installed...

UBUNTU-CVE-2018-9861

Cross-site scripting XSS vulnerability in the Enhanced Image aka image2 plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...

CVE-2018-9861

Cross-site scripting XSS vulnerability in the Enhanced Image aka image2 plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...

Cross site scripting

Cross-site scripting XSS vulnerability in the Enhanced Image aka image2 plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...