Drupal security update addresses XSS vulnerability

Drupal issued a new security update (SA-CORE-2018-003) for Drupal core (versions 7 and 8) to address a moderately critical cross-site scripting (XSS) vulnerability. CKEditor is a third-party JavaScript library included in Drupal core.

According to the update, it is possible for an attacker to execute XSS inside CKEditor when using the ‘image2’ plugin (which Drupal 8 core also uses).

Leave a Reply