cvedb.io
CVE-2024-45400
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2024-09-06T00:15:02.507 · Last modified 2026-06-17T07:54:08.490

Summary

ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7.

Affected products

mlewand — open_link

Does this affect you?

Add your gear to cvedb and we'll alert you only when mlewand ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.