CVE-2018-11093
CVE-2018-11093 describes a Cross-site Scripting (XSS) vulnerability in the CKEditor 5 Link package prior to 10.0.1. The issue arises from insufficient sanitization/escaping of the href attribute in a created link (A) element, enabling an attacker to inject arbitrary script when a crafted href is ...