CVE-2024-45400

Name of the Vulnerable Software and Affected Versions: ckeditor-plugin-openlink versions prior to 1.0.7

Description: A vulnerability in the ckeditor-plugin-openlink plugin for the CKEditor JavaScript text editor allowed a user to execute JavaScript code by abusing the link href attribute. This issue affects versions prior to 1.0.7.

Recommendations: For versions prior to 1.0.7, update to version 1.0.7 or later to resolve the issue. As a temporary workaround, consider disabling the plugin until a patch is available. Restrict access to the link href attribute to minimize the risk of exploitation.