FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

drupal -- Drupal core - Moderately critical

Affected packages
drupal8 < 8.5.2

Details

VuXML ID 33174280-43fa-11e8-aad5-6cf0497db129
Discovery 2018-04-18
Entry 2018-04-19

The Drupal security team reports:

CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses).

References

URL https://www.drupal.org/sa-core-2018-003