CKEditor Open Link Plugin Vulnerability Allows Execution of JavaScript Code
CVE-2024-37888

6.1 MEDIUM

Key Information:

Vendor: Mlewand

CVE Published: 14 June 2024

What is CVE-2024-37888?

Open Link is a CKEditor plugin that extends the context menu with an option to open a link in a new tab. The vulnerability allowed execution of JavaScript code by abusing the link's href attribute. It affects all users of the Open Link plugin at versions < 1.0.5.

Affected Version(s)

ckeditor-plugin-openlink < 1.0.5

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
