English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

CVE-2018-9861

Low
Low Medium High Critical
CVSS Score
Published: Apr 19, 2018
Last Modified: Nov 21, 2024
CWE: CWE-79

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.

Known Affected Software

59 configuration(s) from 2 vendor(s)

enhanced_image
Version:
4.9.0
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.9.0:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.6.0
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.6.0:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.8.0
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.8.0:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.7.3
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.7.3:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.6.2
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.6.2:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.9.1
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.9.1:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.7.0
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.7.0:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.6.1
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.6.1:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.5.10
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.5.10:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.7.1
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.7.1:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.5.11
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.5.11:*:*:*:*:ckeditor:*:*
enhanced_image
Version:
4.7.2
CPE:
cpe:2.3:a:ckeditor:enhanced_image:4.7.2:*:*:*:*:ckeditor:*:*
drupal
Version:
8.0
CPE:
cpe:2.3:a:drupal:drupal:8.0:alpha10:*:*:*:*:*:*
drupal
Version:
8.3.8
CPE:
cpe:2.3:a:drupal:drupal:8.3.8:*:*:*:*:*:*:*
drupal
Version:
8.4.5
CPE:
cpe:2.3:a:drupal:drupal:8.4.5:*:*:*:*:*:*:*
drupal
Version:
8.2.2
CPE:
cpe:2.3:a:drupal:drupal:8.2.2:*:*:*:*:*:*:*
drupal
Version:
8.4.2
CPE:
cpe:2.3:a:drupal:drupal:8.4.2:*:*:*:*:*:*:*
drupal
Version:
8.5.0
CPE:
cpe:2.3:a:drupal:drupal:8.5.0:-:*:*:*:*:*:*
drupal
Version:
8.1.10
CPE:
cpe:2.3:a:drupal:drupal:8.1.10:*:*:*:*:*:*:*
drupal
Version:
8.0.0
CPE:
cpe:2.3:a:drupal:drupal:8.0.0:beta10:*:*:*:*:*:*
drupal
Version:
8.1.4
CPE:
cpe:2.3:a:drupal:drupal:8.1.4:*:*:*:*:*:*:*
drupal
Version:
8.4.3
CPE:
cpe:2.3:a:drupal:drupal:8.4.3:*:*:*:*:*:*:*
drupal
Version:
8.1.2
CPE:
cpe:2.3:a:drupal:drupal:8.1.2:*:*:*:*:*:*:*
drupal
Version:
8.3.7
CPE:
cpe:2.3:a:drupal:drupal:8.3.7:*:*:*:*:*:*:*
drupal
Version:
8.3.9
CPE:
cpe:2.3:a:drupal:drupal:8.3.9:*:*:*:*:*:*:*
drupal
Version:
8.0.3
CPE:
cpe:2.3:a:drupal:drupal:8.0.3:*:*:*:*:*:*:*
drupal
Version:
8.0.2
CPE:
cpe:2.3:a:drupal:drupal:8.0.2:*:*:*:*:*:*:*
drupal
Version:
8.0.1
CPE:
cpe:2.3:a:drupal:drupal:8.0.1:*:*:*:*:*:*:*
drupal
Version:
8.2.5
CPE:
cpe:2.3:a:drupal:drupal:8.2.5:*:*:*:*:*:*:*
drupal
Version:
8.1.3
CPE:
cpe:2.3:a:drupal:drupal:8.1.3:*:*:*:*:*:*:*
drupal
Version:
8.4.1
CPE:
cpe:2.3:a:drupal:drupal:8.4.1:*:*:*:*:*:*:*
drupal
Version:
8.2.0
CPE:
cpe:2.3:a:drupal:drupal:8.2.0:-:*:*:*:*:*:*
drupal
Version:
8.1.7
CPE:
cpe:2.3:a:drupal:drupal:8.1.7:*:*:*:*:*:*:*
drupal
Version:
8.2.1
CPE:
cpe:2.3:a:drupal:drupal:8.2.1:*:*:*:*:*:*:*
drupal
Version:
8.3.6
CPE:
cpe:2.3:a:drupal:drupal:8.3.6:*:*:*:*:*:*:*
drupal
Version:
8.1.5
CPE:
cpe:2.3:a:drupal:drupal:8.1.5:*:*:*:*:*:*:*
drupal
Version:
8.0.4
CPE:
cpe:2.3:a:drupal:drupal:8.0.4:*:*:*:*:*:*:*
drupal
Version:
8.1.0
CPE:
cpe:2.3:a:drupal:drupal:8.1.0:-:*:*:*:*:*:*
drupal
Version:
8.4.6
CPE:
cpe:2.3:a:drupal:drupal:8.4.6:*:*:*:*:*:*:*
drupal
Version:
8.1.8
CPE:
cpe:2.3:a:drupal:drupal:8.1.8:*:*:*:*:*:*:*
drupal
Version:
8.0.5
CPE:
cpe:2.3:a:drupal:drupal:8.0.5:*:*:*:*:*:*:*
drupal
Version:
8.0.6
CPE:
cpe:2.3:a:drupal:drupal:8.0.6:*:*:*:*:*:*:*
drupal
Version:
8.3.5
CPE:
cpe:2.3:a:drupal:drupal:8.3.5:*:*:*:*:*:*:*
drupal
Version:
8.2.7
CPE:
cpe:2.3:a:drupal:drupal:8.2.7:*:*:*:*:*:*:*
drupal
Version:
8.1.9
CPE:
cpe:2.3:a:drupal:drupal:8.1.9:*:*:*:*:*:*:*
drupal
Version:
8.2.3
CPE:
cpe:2.3:a:drupal:drupal:8.2.3:*:*:*:*:*:*:*
drupal
Version:
8.2.4
CPE:
cpe:2.3:a:drupal:drupal:8.2.4:*:*:*:*:*:*:*
drupal
Version:
8.3.3
CPE:
cpe:2.3:a:drupal:drupal:8.3.3:*:*:*:*:*:*:*
drupal
Version:
8.2.6
CPE:
cpe:2.3:a:drupal:drupal:8.2.6:*:*:*:*:*:*:*
drupal
Version:
8.3.2
CPE:
cpe:2.3:a:drupal:drupal:8.3.2:*:*:*:*:*:*:*
drupal
Version:
8.2.8
CPE:
cpe:2.3:a:drupal:drupal:8.2.8:*:*:*:*:*:*:*
drupal
Version:
8.3.0
CPE:
cpe:2.3:a:drupal:drupal:8.3.0:-:*:*:*:*:*:*
drupal
Version:
8.3.1
CPE:
cpe:2.3:a:drupal:drupal:8.3.1:*:*:*:*:*:*:*
drupal
Version:
8.3.4
CPE:
cpe:2.3:a:drupal:drupal:8.3.4:*:*:*:*:*:*:*
drupal
Version:
8.5.1
CPE:
cpe:2.3:a:drupal:drupal:8.5.1:*:*:*:*:*:*:*
drupal
Version:
8.1.1
CPE:
cpe:2.3:a:drupal:drupal:8.1.1:*:*:*:*:*:*:*
drupal
Version:
8.4.4
CPE:
cpe:2.3:a:drupal:drupal:8.4.4:*:*:*:*:*:*:*
drupal
Version:
8.1.6
CPE:
cpe:2.3:a:drupal:drupal:8.1.6:*:*:*:*:*:*:*
drupal
Version:
8.4.0
CPE:
cpe:2.3:a:drupal:drupal:8.4.0:-:*:*:*:*:*:*
This vulnerability affects 59 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood
High
Typical Severity
Medium
OWASP Top 10
A03:2021-Injection
Abstraction Level
Base
View CWE Details on MITRE

Key Information

Published Date
April 19, 2018

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record