CKEditor 4 LTS Security Alert: Cross Site Scripting Vulnerability


The CKEditor 4 LTS - WYSIWYG HTML editor module for Drupal has been flagged with a moderately critical security risk due to a Cross Site Scripting vulnerability. The issue stems from the CKEditor library, impacting certain configurations within the Drupal module. The vulnerability, while requiring specific conditions to exploit, poses a risk to sites utilizing full-page editing mode or enabling CDATA elements in Advanced Content Filtering.

 To address this, users are advised to upgrade to version 1.0.1 of the ckeditor_lts module for Drupal 9.4 and above. This security concern was reported by Juraj Nemec of the Drupal Security Team and addressed by developers Wojciech Kukowski, Jacek Bogdański, and Dawid, under the coordination of Greg Knaddison, Nathaniel Catchpole, and cilefen from the Drupal Security Team. Learn more here.

Disclosure: This content is produced with the assistance of AI.

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

Advertisement Here

Upcoming Events

Advertisement Here