Security Update:Drupal has released a MODERATLY CRITICAL security advisory to address a vulnerability in Drupal 7 and 8
Date and Time
Drupal has released a MODERATLY CRITICAL security advisory to address a vulnerability in Drupal 7 and 8.
Advanced Users: For the full Public Announcement refer to:
- Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2018-003 at: https://www.drupal.org/sa-core-2018-003
- Drupal 7 and 8
WHAT'S THE PROBLEM?
If exploited, this vulnerability may allow an attacker to gain access to sensitive information.
WHAT DO YOU NEED TO DO?
Install the latest version:
- If you use Drupal 8, update to Drupal 8.5.2 or Drupal 8.4.7:
- The Drupal 7.x CKEditor contributed module is not affected if you are running CKEditor module 7.x-1.18 and using CKEditor from the CDN, since it currently uses a version of the CKEditor library that is not vulnerable.
- IT Security - http://it.ucsf.edu/security