Backdrop core - Moderately critical - Third-party library - BACKDROP-SA-CORE-2020-001
Security risk: Moderately Critical Advisory ID: BACKDROP-SA-CORE-2020-001 Vulnerability: Third Party Libraries
Vulnerabilities are possible if Backdrop is configured to use the Rich-Text editor, CKEditor, for editing content. When multiple people can edit content, the vulnerability can be used to execute XSS attacks against other people, including site admins with more access.
The latest versions of Backdrop update CKEditor to 4.14 to mitigate the vulnerabilities.
The CKEditor module can also be disabled to mitigate the vulnerability until the site is updated.