Name of the Vulnerable Software and Affected Versions Drupal versions (affected versions not specified)

Description The issue is related to the use of the third-party library CKEditor in Drupal, which has a security improvement that protects against Cross Site Scripting (XSS) vulnerabilities. If Drupal is configured to use the WYSIWYG CKEditor, an attacker who can create or edit content may exploit this vulnerability to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.

Recommendations Update CKEditor to version 4.14 to mitigate the vulnerabilities. As a temporary workaround, consider restricting access to the WYSIWYG CKEditor to minimize the risk of exploitation.