CKEditor, a third-party JavaScript library included in DXPR Builder, has fixed multiple vulnerabilities since we last updated this library.  

Vulnerabilities are possible on any site that uses DXPR Builder as an editor. An attacker that can create or edit content (even without access to CKEditor themselves) may be able to exploit one or more Cross-Site Scripting (XSS) vulnerabilities to target users with access to DXPR Builder, including site admins with privileged access.

text adapted from:


CKEditor security release included in this update:


Tuesday, November 23, 2021 - 10:00

Product updates

  • DXPR Builder
  • 1.x
  • 1.5.4
  • DXPR Builder
  • 7.x
  • 1.3.3

Impact key

Moderately Critical

Security risk


Cross Site Scripting


If you are using DXPR Builder, update to version 1.5.4 or 7.x-1.3.3.