CVE-2018-11093
https://notcve.org/view.php?id=CVE-2018-11093
Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element. Vulnerabilidad Cross-Site Scripting (XSS) en el paquete Link de CKEditor 5 en versiones anteriores a la 10.0.1 permite que atacantes remotos inyecten scripts web arbitrarios mediante un atributo href manipulado de un elemento link (A). • https://github.com/ossf-cve-benchmark/CVE-2018-11093 https://ckeditor.com/blog/CKEditor-5-v10.0.1-released https://github.com/ckeditor/ckeditor5-link/blob/master/CHANGELOG.md#1001-2018-05-22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •