SA-CORE-2018-003: XSS Vulnerability

March 18, 2018

CKEditor, a third-party JavaScript library included in Drupal core, is affected by a cross-site scripting (XSS) vulnerability. It’s possible to execute XSS inside CKEditor when using the image2 plugin.

References

www.drupal.org/sa-core-2018-003

Detect and mitigate SA-CORE-2018-003 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →