Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.
References
Link | Resource |
---|---|
https://ckeditor.com/blog/CKEditor-5-v10.0.1-released/ | Release Notes Vendor Advisory |
https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22 | Release Notes Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-05-22T18:00:00
Updated: 2018-05-22T17:57:01
Reserved: 2018-05-14T00:00:00
Link: CVE-2018-11093
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-05-22T18:29:00.233
Modified: 2019-10-30T17:20:09.890
Link: CVE-2018-11093
JSON object: View
Redhat Information
No data.
CWE