Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2018-003

Drupal has released updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to gain access to sensitive information. CDSBureau encourages Drupal users to review the following information and update their Drupal installation as soon as possible.
Date: 2018-April-18

CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). More info.

Leave a Reply

Your email address will not be published. Required fields are marked *