CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < **1.0.5**.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.112

EPSS Ranking 93.2%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-rhxf-gvmh-hrxm
https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-rhxf-gvmh-hrxm

Products affected by CVE-2024-37888

Mlewand » Open Link » Version: N/A

cpe:2.3:a:mlewand:open_link:-
Mlewand » Open Link » Version: 1.0.0

cpe:2.3:a:mlewand:open_link:1.0.0
Mlewand » Open Link » Version: 1.0.1

cpe:2.3:a:mlewand:open_link:1.0.1
Mlewand » Open Link » Version: 1.0.2

cpe:2.3:a:mlewand:open_link:1.0.2
Mlewand » Open Link » Version: 1.0.3

cpe:2.3:a:mlewand:open_link:1.0.3
Mlewand » Open Link » Version: 1.0.4

cpe:2.3:a:mlewand:open_link:1.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-37888

Products

Pricing

Contact Us