drupal/drupal is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the issues in the CKEditor library when configured for WYSIWYG editing, allowing attackers to target users with access to CKEditor, including privileged site admins.