CVE-2024-37888

The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < **1.0.5**.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mlewand:open_link:*:*:*:*:*:ckeditor:*:*

History

21 Nov 2024, 09:24

Type Values Removed Values Added
References () https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-rhxf-gvmh-hrxm - Vendor Advisory () https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-rhxf-gvmh-hrxm - Vendor Advisory

08 Aug 2024, 18:01

Type Values Removed Values Added
First Time Mlewand open Link
Mlewand
CPE cpe:2.3:a:mlewand:open_link:*:*:*:*:*:ckeditor:*:*
References () https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-rhxf-gvmh-hrxm - () https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-rhxf-gvmh-hrxm - Vendor Advisory

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Open Link es un complemento de CKEditor que amplía el menú contextual con la posibilidad de abrir un enlace en una nueva pestaña. La vulnerabilidad permitía ejecutar código JavaScript abusando del atributo href del enlace. Afecta a todos los usuarios que utilizan el complemento Open Link en la versión &lt;**1.0.5**.

14 Jun 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-14 18:15

Updated : 2024-11-21 09:24


NVD link : CVE-2024-37888

Mitre link : CVE-2024-37888

CVE.ORG link : CVE-2024-37888


JSON object : View

Products Affected

mlewand

  • open_link
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')