{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45400", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-08-28T20:21:32.803Z", "datePublished": "2024-09-05T23:23:32.908Z", "dateUpdated": "2024-09-06T13:25:02.194Z"}, "containers": {"cna": {"title": "CKEditor Open Link plugin vulnerable to Cross-site Scripting", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-qj47-6x6q-m3c9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-qj47-6x6q-m3c9"}, {"name": "https://github.com/mlewand/ckeditor-plugin-openlink/commit/402391fdd4d9cfd079031372f9caebbf54993ffb", "tags": ["x_refsource_MISC"], "url": "https://github.com/mlewand/ckeditor-plugin-openlink/commit/402391fdd4d9cfd079031372f9caebbf54993ffb"}], "affected": [{"vendor": "mlewand", "product": "ckeditor-plugin-openlink", "versions": [{"version": "< 1.0.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-05T23:23:32.908Z"}, "descriptions": [{"lang": "en", "value": "ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7."}], "source": {"advisory": "GHSA-qj47-6x6q-m3c9", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-06T13:24:44.427922Z", "id": "CVE-2024-45400", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T13:25:02.194Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45400", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-06T13:24:44.427922Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-06T13:24:54.800Z"}}], "cna": {"title": "CKEditor Open Link plugin vulnerable to Cross-site Scripting", "source": {"advisory": "GHSA-qj47-6x6q-m3c9", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "mlewand", "product": "ckeditor-plugin-openlink", "versions": [{"status": "affected", "version": "< 1.0.7"}]}], "references": [{"url": "https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-qj47-6x6q-m3c9", "name": "https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-qj47-6x6q-m3c9", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/mlewand/ckeditor-plugin-openlink/commit/402391fdd4d9cfd079031372f9caebbf54993ffb", "name": "https://github.com/mlewand/ckeditor-plugin-openlink/commit/402391fdd4d9cfd079031372f9caebbf54993ffb", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-05T23:23:32.908Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45400", "state": "PUBLISHED", "dateUpdated": "2024-09-06T13:25:02.194Z", "dateReserved": "2024-08-28T20:21:32.803Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-05T23:23:32.908Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mlewand:open_link:*:*:*:*:*:ckeditor:*:*", "matchCriteriaId": "B3A98245-1561-49F7-9C6B-2527AEFCABE2", "versionEndExcluding": "1.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7."}, {"lang": "es", "value": "ckeditor-plugin-openlink es un complemento para el editor de texto JavaScript CKEditor que ampl\u00eda el men\u00fa contextual con la posibilidad de abrir un enlace en una nueva pesta\u00f1a. Una vulnerabilidad en las versiones del complemento anteriores a la 1.0.7 permit\u00eda a un usuario ejecutar c\u00f3digo JavaScript abusando del atributo href del enlace. La soluci\u00f3n est\u00e1 disponible a partir de la versi\u00f3n 1.0.7."}], "id": "CVE-2024-45400", "lastModified": "2024-09-19T18:04:36.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-06T00:15:02.507", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/mlewand/ckeditor-plugin-openlink/commit/402391fdd4d9cfd079031372f9caebbf54993ffb"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/mlewand/ckeditor-plugin-openlink/security/advisories/GHSA-qj47-6x6q-m3c9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}