Versions of status-board prior to 10.0.1 are vulnerable to Cross-Site Scripting. The `_createPreviewButton()` function fails to sanitize the `href` attribute of a created `<a>` tag. This may allow attackers to execute arbitrary JavaScript in a victim’s browser.

Upgrade to version 10.0.1 or later.
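
For code that builds links from user-supplied URLs, the missing check amounts to allow-listing the URL scheme before the value reaches `href`. The following is an added example, not the affected package's code or its actual fix; `sanitizeHref`, `renderPreviewLink` and the scheme list are assumptions chosen for illustration.

```javascript
// Added example: allow-list the scheme of a user-supplied URL before it is
// placed in an <a href>. All names here are hypothetical.
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto', 'ftp', 'tel']);

// URL parsers in browsers drop TAB/CR/LF anywhere in the input and ignore
// leading/trailing C0 control characters and spaces. Normalise the same way
// so the scheme check sees what the browser will see.
function normalise(raw) {
  return String(raw)
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
}

// Returns the URL if it is relative or uses an allowed scheme, otherwise '#'.
function sanitizeHref(raw) {
  const url = normalise(raw);
  // RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":"
  const match = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(url);
  if (!match) return url; // no scheme: relative path, query or fragment
  return SAFE_SCHEMES.has(match[1].toLowerCase()) ? url : '#';
}

// Escape characters that could break out of a quoted attribute or text node.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Builds the preview anchor as a string; both the attribute value and the
// visible label go through the same sanitised, escaped value.
function renderPreviewLink(rawHref) {
  const safe = escapeHtml(sanitizeHref(rawHref));
  return `<a href="${safe}" target="_blank" rel="noopener noreferrer">${safe}</a>`;
}
```

The scheme check and the attribute escaping cover different failures: the first rejects script-capable schemes, the second stops a quote character in an otherwise valid URL from closing the attribute.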
| CPE | Name | Operator | Version |
|---|---|---|---|
| | @ckeditor/ckeditor5-link | lt | 10.0.1 |