Security News

A potentially serious cross-site scripting vulnerability affecting the TinyMCE rich text editor can be exploited - depending on the implementation - for privilege escalation, obtaining information, or account takeover. Researchers at Bishop Fox discovered in April that TinyMCE is affected by an XSS vulnerability whose impact depends on the application using the editor.

Updates released on Wednesday for Drupal 8 patch a moderately critical cross-site scripting (XSS) vulnerability affecting a third-party JavaScript library. The flaw impacts CKEditor, a WYSIWYG...