Drupal Releases Security Updates
by CIRT Team
Description: CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses).
We would like to thank the CKEditor team for patching the vulnerability and coordinating the fix and release process, and matching the Drupal core security window.
Impact: An attacker could exploit this vulnerability to take control of an affected system.
Mitigation: Apply an update. Please see the references or vendor advisory for more information.
Reference URL’s:
Recommended Posts
Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers
08 Feb 2024 - Articles, English articles, Security Advisories & Alerts
Subscribe here
MEMBER OF:
