Security Moderately Critical XSS Vulnerability Discovered in CKEditor CKEditor has released a security update SA- Core-2021-011 that impacts Drupal. The issue, dated November 17, 2021, is classified as a moderately critical cross-site scripting (XSS) vulnerability.
Security Backport Server Configuration Code to Drupal 7 Backport of the Drupal 8 security fix though not required in Drupal 7 it would mitigate the issue when using vulnerable codes or libraries.
Security Drupal Releases Updates Against CKEditor Vulnerabilities Drupal recently released security updates due to the vulnerabilities in a third-party text editor bundled with it called CKEditor.