D8 Editor File upload - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-059
This module enables you to upload files directly within CKEditor and create a link to download the given file. The module doesn't sufficiently check the extensions of uploaded files when the allowed extensions list has been changed from the default. This vulnerability is mitigated by the fact that an attack...