Lucene search

GitHub_MCVE-2024-37888

HistoryJun 14, 2024 - 6:15 p.m.

CVE-2024-37888

2024-06-1418:15:27

CWE-79

GitHub_M

web.nvd.nist.gov

open link ckeditor plugin

context menu

javascript code

link href attribute

version 1.0.5

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.6%

JSON

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < 1.0.5.

Affected configurations

Nvd

Vulners

Node

mlewandopen_linkRange<1.0.5ckeditor

VendorProductVersionCPE
mlewandopen_link*cpe:2.3:a:mlewand:open_link:*:*:*:*:*:ckeditor:*:*

Vendor	Product	Version	CPE
mlewand	open_link	*	cpe:2.3:a:mlewand:open_link::::::ckeditor::*

CNA Affected

[
  {
    "vendor": "mlewand",
    "product": "ckeditor-plugin-openlink",
    "versions": [
      {
        "version": "< 1.0.5",
        "status": "affected"
      }
    ]
  }
]

References

github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-rhxf-gvmh-hrxm

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.6%

JSON

Related for CVE-2024-37888