Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately

It's time to update your Drupal websites, once again. For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft. Discovered b...

DRUPAL-CORE-2018-003

CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting XSS vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin which Drupal 8 core also uses. We would like to thank th...