Drupal CMS Updates CKEditor to Patch XSS Vulnerabilities | Cybers Guards

Drupal uses CKEditor and has agreed to upgrade it to version 4.14, which addresses two cross-site scripting (XSS) vulnerabilities affecting older versions of the software. CKEditor is a popular open-source WYSIWYG editor that is highly configurable and is used in hundreds of apps.

One of the flaws, for example, affects the HTML data processor. To exploit it, the attacker would have to convince the targeted user to insert malicious HTML code into the editor, either in WYSIWYG mode or in source mode. The second vulnerability involves a third-party application called WebSpellChecker Dialog. To exploit it for XSS attacks, an attacker would need to persuade the user to switch CKEditor to source mode, paste malicious code, switch back to WYSIWYG mode, and preview content on a site where the plugin files for the WebSpellChecker Dialog are accessible.

The CKEditor 4.14 release notes also show that exploiting the vulnerabilities requires "unlikely" or "highly unlikely" scenarios. Although Drupal's description of the vulnerabilities can suggest that they may pose a significant risk, they have only been given a "moderately critical" rating with a risk score of 13/25.

Users are advised to update Drupal to version 8.8.4 or 8.7.12. Additionally, future attacks may be prevented by disabling the CKEditor module. Drupal 7 is not affected, but site administrators using this version should also ensure that CKEditor has been upgraded to version 4.14 or higher, say Drupal developers.

It is the first patch released by Drupal developers this year; seven rounds of security patches were released in 2019, in January, February, March, April, May, July, and December. Although Drupal is not as heavily targeted as WordPress, some of the bugs found in recent years have been exploited to hijack websites at some point.
