Cross-Site Scripting in @ckeditor/ckeditor5-link
Moderate severity
GitHub Reviewed
Published May 23, 2018 to the GitHub Advisory Database • Updated May 1, 2023
Reviewed Jun 16, 2020
Description
Versions of status-board prior to 10.0.1 are vulnerable to Cross-Site Scripting. The _createPreviewButton() function fails to sanitize the href attribute of a created <a> tag. This may allow attackers to execute arbitrary JavaScript in a victim's browser.
Recommendation
Upgrade to version 10.0.1 or later.
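For code that builds link elements from user-supplied URLs, the missing check described above can be expressed as a scheme allow-list applied before the value reaches href. This is an added example, not the package's code or its actual fix; safeHref, ALLOWED_SCHEMES and the scheme list are assumptions made for illustration.

```javascript
// Added example: allow-list validation for a value destined for <a href>.
// safeHref() and ALLOWED_SCHEMES are hypothetical names, not CKEditor APIs.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto', 'ftp']);

function safeHref(raw) {
  if (typeof raw !== 'string') return '#';

  // URL parsers in browsers drop leading C0 control/space characters and
  // any embedded tab, CR or LF, so normalise the same way before looking
  // at the scheme. Otherwise "java<TAB>script:" would slip past the check.
  const cleaned = raw
    .replace(/^[\u0000-\u0020]+/, '')
    .replace(/[\t\n\r]/g, '');

  // Find the first URL delimiter. If it is not a colon, there is no scheme
  // and the value is a relative reference (path, query or fragment).
  const firstDelim = cleaned.search(/[:\/?#]/);
  if (firstDelim === -1 || cleaned[firstDelim] !== ':') return cleaned;

  // A scheme is present: accept it only if it is explicitly allowed.
  const scheme = cleaned.slice(0, firstDelim).toLowerCase();
  return ALLOWED_SCHEMES.has(scheme) ? cleaned : '#';
}

// Constructed sample inputs (not taken from the advisory).
const samples = [
  'https://example.com/a?b=1',
  '/docs/page#top',
  'mailto:user@example.com',
  '  JaVa\tScRiPt:alert(1)',
  'data:text/html,x',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(safeHref(s)));
}
```

The returned value is what should be assigned to the anchor's href; rejected inputs collapse to an inert "#".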