Backdrop core - Moderately critical - Cross Site Scripting - BACKDROP-SA-CORE-2021-003
Backdrop core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack.
Update: 2021-06-11: More details are available on CKEditor's blog.
- Backdrop Core 1.19.x versions prior to 1.19.1
- Backdrop Core 1.18.x versions prior to 1.18.5
Backdrop versions 1.17 and prior do not receive security coverage.