Your submission was sent successfully! Close

CVE-2018-11093

Published: 22 May 2018

Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
ckeditor
Launchpad, Ubuntu, Debian
artful Not vulnerable
(code not present)
bionic Not vulnerable
(code not present)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream Needs triage

xenial Not vulnerable
(code not present)