CVE-2019-1010113

Name of the Vulnerable Software and Affected Versions: Premium Software CLEditor versions 1.4.5 and earlier

Description: The issue allows an attacker to inject arbitrary HTML and script code into a website, potentially leading to Cross Site Scripting (XSS). This is made possible when the victim opens a crafted href attribute of a link (A) element. The component affected is a jQuery plug-in.

Recommendations: For Premium Software CLEditor versions 1.4.5 and earlier, update to a version later than 1.4.5 to resolve the issue. As a temporary workaround, consider restricting the use of the jQuery plug-in until a patch is available. Avoid using crafted href attributes in link elements to minimize the risk of exploitation.