Vulnerability CVE-2024-37888
Published: 2024-06-14

Description:
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version < **1.0.5**.

 References:
https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-rhxf-gvmh-hrxm
Copyright 2026, cxsecurity.com

 

Back to Top