Vulnerability Details CVE-2024-45400
ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.9%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2024-45400
-
cpe:2.3:a:mlewand:open_link:-
-
cpe:2.3:a:mlewand:open_link:1.0.0
-
cpe:2.3:a:mlewand:open_link:1.0.1
-
cpe:2.3:a:mlewand:open_link:1.0.2
-
cpe:2.3:a:mlewand:open_link:1.0.3
-
cpe:2.3:a:mlewand:open_link:1.0.4
-
cpe:2.3:a:mlewand:open_link:1.0.5
-
cpe:2.3:a:mlewand:open_link:1.0.6