Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2021-003

Project: Drupal coreDate: 2021-May-26Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Cross Site ScriptingDescription: Drupal core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack. Solution: Install the latest version:

Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.Reported By: 

Fixed By: 

Path to article https://www.drupal.org/sa-core-2021-003