Number: AV18-068
Date: 19 April 2018
Purpose
The purpose of this advisory is to bring attention to a Drupal security advisory.
Assessment
Drupal has released an update to address a cross-site scripting (XSS) vulnerability. Exploitation of this vulnerability makes it possible to execute XSS inside CKEditor when using the image2 plugin, which is used by Drupal 8 core.
Affected Versions:
- Drupal 8
- CKEditor versions 4.5.11 and later
Suggested Action
CCIRC recommends that owners/operators test and deploy the vendor-released update or workaround to affected platforms accordingly.