Title | baidu Ueditor v1.4.3.3 Cross Site Scripting |
---|
Description | A stored cross-site scripting (XSS) vulnerability has been identified in UEditor version 1.4.3.3.
The vulnerability stems from the default config.json shipped with UEditor versions ≤1.4.3.3, which permits uploading .swf files. In addition, for versions ≥1.4.2 and ≤1.4.3.3, the default config files also allow uploading .xml files. Since both .swf and .xml files can execute scripts, an uploaded file of either type can be used for a stored XSS attack. |
---|
Source | https://github.com/Hebing123/cve/issues/62 |
---|
User | jiashenghe (ID 39445) |
---|
Submission | 07/25/2024 11:09 AM (2 months ago) |
---|
Moderation | 07/31/2024 05:14 PM (6 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 273273 |
---|
Points | 20 |
---|
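
A configuration audit for the condition in the description, added here as an example and not taken from the UEditor project or the linked report: it parses a config.json, lists every upload allow list that still admits .swf or .xml, and produces a copy with those extensions removed. It assumes allow lists are JSON arrays under keys ending in `AllowFiles` and that the file may carry `/* */` comments; the sample input is constructed.

```python
import json
import re

# Extensions the advisory names as script-capable when served back to a browser.
RISKY_EXTENSIONS = {".swf", ".xml"}

# Matches either a JSON string (kept) or a /* ... */ comment (dropped).
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/', re.S)


def load_config(text):
    """Parse a config.json that may carry /* */ comments (assumption)."""
    stripped = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)
    return json.loads(stripped)


def audit_allow_lists(config):
    """Return {key: [risky extensions]} for every *AllowFiles list."""
    findings = {}
    for key, value in config.items():
        if not key.endswith("AllowFiles") or not isinstance(value, list):
            continue
        hits = sorted({str(e).lower() for e in value} & RISKY_EXTENSIONS)
        if hits:
            findings[key] = hits
    return findings


def harden(config):
    """Return a copy with the risky extensions removed from each allow list."""
    cleaned = dict(config)
    for key in audit_allow_lists(config):
        cleaned[key] = [e for e in config[key] if str(e).lower() not in RISKY_EXTENSIONS]
    return cleaned


# Constructed sample, not the project's shipped file.
SAMPLE = """/* upload settings */
{
    "imageAllowFiles": [".png", ".jpg"], /* images only */
    "videoAllowFiles": [".mp4", ".SWF"],
    "fileAllowFiles": [".pdf", ".swf", ".xml", ".zip"],
    "filePathFormat": "/upload/file/{yyyy}/*{rand:6}"
}"""

if __name__ == "__main__":
    cfg = load_config(SAMPLE)
    print(audit_allow_lists(cfg))
    print(harden(cfg)["fileAllowFiles"])
```

Matching is case-insensitive, so an entry such as `.SWF` is reported and removed as well.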