3 matches found
CVE-2018-11093
Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...
CVE-2018-11093
Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...
CVE-2018-11093
CVE-2018-11093 describes a Cross-site Scripting (XSS) vulnerability in the CKEditor 5 Link package prior to 10.0.1. The issue arises from insufficient sanitization/escaping of the href attribute in a created link (A) element, enabling an attacker to inject arbitrary script when a crafted href is ...