CKEditor, a third-party JavaScript library included in DXPR Builder, has fixed multiple vulnerabilities since we last updated this library.  

An attacker that can create or edit content (even without access to DXPR Builder themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to the WYSIWYG CKEditor, including site admins with privileged access.

text adapted from:


CKEditor security release included in this update:


Tuesday, August 17, 2021 - 17:00

Product updates

  • DXPR Builder
  • 7.x
  • 1.3.2
  • DXPR Builder
  • 1.x
  • 1.5.0

Impact key

Moderately Critical

Security risk


Cross Site Scripting


If you are using DXPR Builder, update to version 1.5.0 or 7.x-1.3.2.