Drupal has released updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to gain access to sensitive information. CDSBureau encourages Drupal users to review the following information and update their Drupal installation as soon as possible.
Date: 2018-April-18
CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2
plugin (which Drupal 8 core also uses). More info.