Security News > 2018 > April > Drupal 8 Updated to Patch Flaw in WYSIWYG Editor

Drupal 8 Updated to Patch Flaw in WYSIWYG Editor
2018-04-19 11:41

Updates released on Wednesday for Drupal 8 patch a moderately critical cross-site scripting (XSS) vulnerability affecting a third-party JavaScript library. The flaw impacts CKEditor, a WYSIWYG HTML editor included in the Drupal core. CKEditor exposes users to XSS attacks due to a flaw in the Enhanced Image (image2) plugin. read more


News URL

http://feedproxy.google.com/~r/Securityweek/~3/8SQM_3C7DLQ/drupal-8-updated-patch-flaw-wysiwyg-editor

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Drupal 15 0 66 45 14 125