drupal -- Drupal core - Moderately critical
The Drupal security team reports:
core, has fixed a cross-site scripting (XSS) vulnerability. The
vulnerability stemmed from the fact that it was possible to execute
XSS inside CKEditor when using the image2 plugin (which Drupal 8
core also uses).
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright