Ckeditor · Ckeditor Open Link Plugin · CVE-2024-37888
**Name of the Vulnerable Software and Affected Versions**
CKEditor Open Link plugin versions prior to 1.0.5
**Description**
The issue allows execution of JavaScript code by abusing the link href attribute. It affects users of the Open Link plugin.
**Recommendations**
For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to the link href attribute to minimize the risk of exploitation.