Security News > 2018 > April > Drupal 8 Updated to Patch Flaw in WYSIWYG Editor
2018-04-19 11:41
Updates released on Wednesday for Drupal 8 patch a moderately critical cross-site scripting (XSS) vulnerability affecting a third-party JavaScript library. The flaw impacts CKEditor, a WYSIWYG HTML editor included in the Drupal core. CKEditor exposes users to XSS attacks due to a flaw in the Enhanced Image (image2) plugin. read more