CVE-2024-45400
CVSS V2 None
CVSS V3 None
Description
ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7.
Overview
- CVE ID
- CVE-2024-45400
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-05T23:23:32.908Z
- Last Modified Date
- 2024-09-05T23:23:32.908Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-qj47-6x6q-m3c9 | x_refsource_CONFIRM |
https://github.com/mlewand/ckeditor-plugin-openlink/commit/402391fdd4d9cfd079031372f9caebbf54993ffb | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-45400 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45400 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-09-06 13:07:23 | Added to TrackCVE |