@ckeditor/ckeditor5-link is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of escaping for the a href
attributes, allowing arbitrary scripts to be executed.
CPE | Name | Operator | Version |
---|---|---|---|
@ckeditor/ckeditor5-link | le | 1.0.0-alpha.2 | |
@ckeditor/ckeditor5-link | le | 10.0.0 |