CVE-2018-9861

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-9861
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-9861.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-9861
Aliases
Related
Published
2018-04-19T17:29:00Z
Modified
2024-10-12T04:11:29.876839Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.

References

Affected packages

Git / github.com/ckeditor/ckeditor-dev

Affected ranges

Type
GIT
Repo
https://github.com/ckeditor/ckeditor-dev
Events
Type
GIT
Repo
https://github.com/drupal/drupal
Events

Affected versions

4.*

4.5.10
4.5.11
4.6.0
4.6.1
4.6.2
4.7.0
4.7.1
4.7.2
4.7.3
4.8.0
4.9.0
4.9.1

8.*

8.0.0
8.1.0-beta1
8.4.0
8.4.0-alpha1
8.4.0-beta1
8.4.0-rc1
8.4.0-rc2
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.4.6