Date: Wednesday, May 26th, 2021 Security risk: Moderately Critical Advisory ID: BACKDROP-SA-CORE-2021-003 Vulnerability: Cross Site Scripting
- Backdrop Core 1.19.x versions prior to 1.19.1
- Backdrop Core 1.18.x versions prior to 1.18.5
Backdrop versions 1.17 and prior do not receive security coverage.
Backdrop core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack.