vulnerability
FreeBSD: VID-33174280-43fa-11e8-aad5-6cf0497db129: drupal -- Drupal core - Moderately critical
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Apr 19, 2018 | Apr 19, 2018 | Dec 10, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Apr 19, 2018
Added
Apr 19, 2018
Modified
Dec 10, 2025
Description
The Drupal security team reports: CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses).
Solution
freebsd-upgrade-package-drupal8
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.