Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-337W-FXPQ-5M34
HistoryMay 15, 2024 - 9:02 p.m.

Drupal core uses a vulnerable Third-party library CKEditor

2024-05-1521:02:01
GitHub Advisory Database
github.com
drupal
ckeditor
security vulnerability
cross site scripting
wysiwyg
third-party library
xss mitigation

6 Medium

AI Score

Confidence

High

JSON

The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations.

Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site’s users. An attacker that can create or edit content may be able to exploit this Cross Site Scripting (XSS) vulnerability to target users with access to the WYSIWYG CKEditor, and this may include site admins with privileged access.

The latest versions of Drupal update CKEditor to 4.14 to mitigate the vulnerabilities.

CPENameOperatorVersion
drupal/drupallt8.8.4
drupal/drupallt8.7.12

6 Medium

AI Score

Confidence

High

JSON