Lucene search
Toan Chi Nguyen, Michal BazyliNODEJS:1154HistorySep 05, 2019 - 10:28 p.m.
Cross-Site Scripting
2019-09-0522:28:15
Toan Chi Nguyen, Michal Bazyli
www.npmjs.com
6
0.001 Low
EPSS
Percentile
45.4%
Overview
Versions of status-board prior to 10.0.1 are vulnerable to Cross-Site Scripting. The _createPreviewButton() function fails to sanitize the href attribute of a created <a> tag. This may allow attackers to execute arbitrary JavaScript in a victim’s browser.
Recommendation
Upgrade to version 10.0.1 or later.
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| @ckeditor/ckeditor5-link | lt | 10.0.1 |
Related
cvelist
cvelist
CVE-2018-11093
2018-05-22 18:00:00
veracode
veracode
Cross-site Scripting (XSS)
2018-05-23 02:25:57
prion
prion
Cross site scripting
2018-05-22 18:29:00
github
github
Cross-Site Scripting in @ckeditor/ckeditor5-link
2018-05-23 20:37:46
cve
cve
CVE-2018-11093
2018-05-22 18:29:00
ubuntucve
ubuntucve
CVE-2018-11093
2018-05-22 00:00:00
osv
osv
CVE-2018-11093
2018-05-22 18:29:00
Cross-Site Scripting in @ckeditor/ckeditor5-link
2018-05-23 20:37:46
nvd
nvd
CVE-2018-11093
2018-05-22 18:29:00