Test ID:	1.3.6.1.4.1.25623.1.0.143612
Category:	Web application abuses
Title:	Drupal 8.x CKEditor XSS Vulnerability (SA-CORE-2020-001) - Linux
Summary:	Drupal is prone to a cross-site scripting (XSS); vulnerability in a third-party library.
Description:	Summary: Drupal is prone to a cross-site scripting (XSS) vulnerability in a third-party library. Vulnerability Insight: The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations. Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. When multiple people can edit content, the vulnerability can be used to execute XSS attacks against other people, including site admins with more access. Affected Software/OS: Drupal 8.7.x and 8.8.x. Solution: Update to version 8.7.12, 8.8.4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-9281 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4HHYQ6N452XTCIROFMJOTYEUWSB6FR4/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OJ4BSS3VEAEXPNSOOUAXX6RDNECGZNO/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L322YA73LCV3TO7ORY45WQDAFJVNKXBE/ https://github.com/ckeditor/ckeditor4 https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.