Multiple vulnerabilities in the Drupal core 8.4.x-dev 7.x-dev Description The security team of Drupal has published two new versions that correct multiple vulnerabilities in versions 7 and 8. Solution Update the Drupal core to the latest version: Drupal 8.4.5 Drupal 7.57 Detail The main vulnerabilities corrected with these updates are: Any user with permission to post comments can access comments for which they do not have authorization and modify them. This vulnerability affects version 8 of Drupal. The JavaScript function checkPlain () used to escape possible malicious entries does not correctly handle all HTML injection methods, being able to perform cross-site scripting attacks in certain circumstances. This vulnerability affects version 7 of Drupal.