Lucene search
GoogleOSV:GHSA-GVPX-9459-W3MJHistoryMay 23, 2018 - 8:37 p.m.
Cross-Site Scripting in @ckeditor/ckeditor5-link
2018-05-2320:37:46
Google
osv.dev
15
0.001 Low
EPSS
Percentile
45.4%
Versions of status-board prior to 10.0.1 are vulnerable to Cross-Site Scripting. The _createPreviewButton() function fails to sanitize the href attribute of a created <a> tag. This may allow attackers to execute arbitrary JavaScript in a victim’s browser.
Recommendation
Upgrade to version 10.0.1 or later.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @ckeditor/ckeditor5-link | lt | 10.0.1 | |
| @ckeditor/ckeditor5-link | ge | 0.3.0 |
References
ckeditor.com/blog/CKEditor-5-v10.0.1-released
github.com/advisories/GHSA-gvpx-9459-w3mj
github.com/ckeditor/ckeditor5-link
github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22
github.com/ckeditor/ckeditor5-link/commit/8cb782eceba10fc481e4021cb5d25b2a85d1b04e
nvd.nist.gov/vuln/detail/CVE-2018-11093
snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5LINK-72892
www.npmjs.com/advisories/1154
Related
cvelist
cvelist
CVE-2018-11093
2018-05-22 18:00:00
veracode
veracode
Cross-site Scripting (XSS)
2018-05-23 02:25:57
prion
prion
Cross site scripting
2018-05-22 18:29:00
github
github
Cross-Site Scripting in @ckeditor/ckeditor5-link
2018-05-23 20:37:46
cve
cve
CVE-2018-11093
2018-05-22 18:29:00
ubuntucve
ubuntucve
CVE-2018-11093
2018-05-22 00:00:00
osv
osv
CVE-2018-11093
2018-05-22 18:29:00
nvd
nvd
CVE-2018-11093
2018-05-22 18:29:00
nodejs
nodejs
Cross-Site Scripting
2019-09-05 22:28:15