Changelog #15

Moderately critical - Cross Site Scripting - security patch is now available for Webform module
By Staff Writer - August 25, 2021

The Webform module uses the CKEditor [3], library for WYSIWYG editing. CKEditor has released a security update that impacts Webform [4].

An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.

Please make sure to backup your website before updating the Webform module.

Security Release information: https://www.drupal.org/sa-contrib-2021-026

Webform Page: https://www.drupal.org/project/webform

Related topics

Security Update