Several Vulnerabilities Patched in Drupal
Updates released on Wednesday for Drupal 7 and 8 patch several vulnerabilities, including issues rated “critical.” No bug fixes are included in the latest releases.
One of the critical security holes patched by Drupal 8.4.5 and 7.57 is related to incomplete cross-site scripting (XSS) prevention mechanisms.
Read more: Several Vulnerabilities Patched in Drupal
Story added 22. February 2018, content source with full text you can find at link above.