Security advisories: Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2021-003

Project: 
Date: 
2021-May-26
Vulnerability: 
Cross Site Scripting
Description: 
Drupal core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack.

Solution: 
Install the latest version:

Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.

Reported By: 
Fixed By: 


Go to Source
Author: