CVE-2018-9861 – Ubuntu Security Notice USN-5340-1

https://notcve.org/view.php?id=CVE-2018-9861

19 Apr 2018 — Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element. Vulnerabilidad Cross-Site Scripting (XSS) en el plugin Enhanced Image (también conocido como image2) para CKEditor (de la versión 4.5.10 a la 4.9.1; solucionado en la versión 4.9.2), tal y como se emple... • http://www.securityfocus.com/bid/103924 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •