2018-04-19 19:29:00 2019-07-18 15:15:10

Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected products (not official CPEs):

Drupal: 8.1.5, 8.1.4, 8.1.3, 8.1.2, 8.1.1, 8.1.0 Rc1, 8.1.0 Beta2, 8.1.0 Beta1, 8.1.0 -, 8.1.0, 8.0.6, 8.0.5, 8.0.4, 8.0.3, 8.5.1, 8.5.0 Rc1, 8.5.0 Beta1, 8.5.0 -, 8.5.0 Alpha1, 8.5.0, 8.4.6, 8.4.5, 8.4.2, 8.4.3, 8.4.4, 8.4.0 Rc2, 8.4.1, 8.4.0 Rc1, 8.4.0 Alpha1, 8.4.0 Beta1, 8.4.0 -, 8.3.9, 8.4.0, 8.3.7, 8.3.8, 8.3.5, 8.3.6, 8.3.4, 8.3.2, 8.3.3, 8.3.1, 8.3.0 Rc1, 8.3.0 Rc2, 8.3.0 Alpha1, 8.3.0 Beta1, 8.3.0 -, 8.3.0, 8.2.8, 8.2.7, 8.2.6, 8.2.5, 8.2.4, 8.2.3, 8.2.0 Rc2, 8.2.1, 8.2.2, 8.2.0 Beta3, 8.2.0 Rc1, 8.2.0 Beta2, 8.2.0 -, 8.2.0 Beta1, 8.1.8, 8.1.9, 8.1.10, 8.2.0, 8.1.6, 8.1.7, 8.0.2, 8.0.1, 8.0.0 Rc4, 8.0.0 Rc3, 8.0.0 Rc2, 8.0.0 Rc1, 8.0.0 Beta9, 8.0.0 Beta7, 8.0.0 Beta6, 8.0.0 Beta4, 8.0.0 Beta3, 8.0.0 Beta2, 8.0.0 Beta16, 8.0.0 Beta15, 8.0.0 Beta14, 8.0.0 Beta13, 8.0.0 Beta12, 8.0.0 Beta11, 8.0.0 Beta10, 8.0.0 Beta1, 8.0.0 Alpha9, 8.0.0 Alpha8, 8.0.0 Alpha7, 8.0.0 Alpha6, 8.0.0 Alpha5, 8.0.0 Alpha4, 8.0.0 Alpha3, 8.0.0 Alpha2, 8.0.0 Alpha15, 8.0.0 Alpha14, 8.0.0 Alpha13, 8.0.0 Alpha12, 8.0.0 Alpha11, 8.0.0 Alpha10, 8.0.0

CKEditor Enhanced Image: 4.9.1, 4.9.0, 4.8.0, 4.7.3, 4.7.2, 4.7.1, 4.7.0, 4.6.2, 4.6.1, 4.6.0, 4.5.11, 4.5.10