Description

ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7.

INFO

Published Date :

2024-09-05T23:23:32.908Z

Last Modified :

2024-09-06T13:25:02.194Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45400 vulnerability.

Vendors Products
Mlewand
  • Open Link
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45400.

URL Resource
https://github.com/mlewand/ckeditor-plugin-openlink/commit/402391fdd4d9cfd079031372f9caebbf54993ffb cve-icon cve-icon
https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-qj47-6x6q-m3c9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact