Security News > 2016 > September > Restriction Bypass, XSS Flaws Patched in Drupal 8 (SecurityWeek)