CKEditor · CKEditor Open Link Plugin · CVE-2024-45400
Name of the Vulnerable Software and Affected Versions:
ckeditor-plugin-openlink versions prior to 1.0.7
Description:
A vulnerability in the ckeditor-plugin-openlink plugin for the CKEditor JavaScript text editor allowed a user to execute JavaScript code by abusing the link href attribute. This issue affects versions prior to 1.0.7.
Recommendations:
For versions prior to 1.0.7, update to version 1.0.7 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until the update has been applied. Restrict access to the link href attribute to minimize the risk of exploitation.
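One way to restrict the link href attribute as recommended above is a scheme allow-list applied before a link is opened. This is an added example, not the plugin's code or its 1.0.7 fix; the names `safeHref` and `openLink`, the allowed scheme list and the base URL are assumptions.

```javascript
// Added example: scheme allow-list for link hrefs, checked before navigation.
// ALLOWED_SCHEMES, BASE, safeHref and openLink are assumed names and values.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://editor.example/"; // constructed base for relative links

// Returns the normalized URL string when the href may be opened, else null.
function safeHref(rawHref, base = BASE) {
  if (typeof rawHref !== "string" || rawHref.trim() === "") return null;
  let url;
  try {
    // The WHATWG URL parser applies the same normalization a browser does:
    // it strips leading/trailing spaces and control characters, removes
    // embedded tabs and newlines, and lowercases the scheme. Checking the
    // parsed protocol therefore catches " JaVaScRiPt:" and "java\tscript:",
    // which a naive startsWith("javascript:") test on the raw string misses.
    url = new URL(rawHref, base);
  } catch {
    return null; // unparsable input is never opened
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Opens the link only if it passes the allow-list. `opener` is injected so
// the check can be exercised outside a browser; in a page it would be
// (h) => window.open(h, "_blank", "noopener").
function openLink(rawHref, opener) {
  const href = safeHref(rawHref);
  if (href === null) return false;
  opener(href);
  return true;
}

// Constructed sample hrefs covering allowed and rejected cases.
const SAMPLES = [
  "https://example.com/page",
  "/docs/a.html",
  "mailto:a@example.com",
  "javascript:void(0)",
  " JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:text/html,hi",
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", safeHref(s));
}
```

An allow-list is used instead of a block-list so that schemes not anticipated here, such as `vbscript:` or `data:`, are rejected by default.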