TTCSIRT-111.042518: TT-CSIRT Advisory – Drupal Security Updates

Drupal has released a security update stating that CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability.

The vulnerability made it possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses).

Further information on this vulnerability and how it can be mitigated can be found on the Drupal website at https://www.drupal.org/sa-core-2018-003