Submit #380092: baidu Ueditor v1.4.3.3 Cross Site Scripting

Title: baidu Ueditor v1.4.3.3 Cross Site Scripting
Description: A stored cross-site scripting (XSS) vulnerability has been identified in UEditor version 1.4.3.3. The vulnerability stems from the default configuration of config.json files within the ≤1.4.3.3 versions of UEditor, which permits the uploading of .swf files. Furthermore, for versions ≥1.4.2 and ≤1.4.3.3, UEditor's config files also allow the uploading of .xml files by default. Since both .swf and .xml files can execute scripts, this presents an opportunity for stored XSS attacks.
Source: https://github.com/Hebing123/cve/issues/62
User: jiashenghe (ID 39445)
Submission: 07/25/2024 11:09 AM (2 months ago)
Moderation: 07/31/2024 05:14 PM (6 days later)
Status: Accepted
VulDB Entry: 273273
Points: 20
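
A defender-side check for the default allow-lists the description refers to, as an added example that is not part of the original submission or of UEditor's own code: it parses a config.json, flags .swf and .xml in every upload allow-list, and returns a copy with them removed. The sample config is constructed, and the "*AllowFiles" key pattern and the presence of /* */ comments in the file are assumptions about the config layout.

```python
import json
import re

# Extensions the description names as script-capable when served to a browser.
RISKY = {".swf", ".xml"}

# Constructed sample, not a copy of any shipped file. Key names follow an
# "<action>AllowFiles" pattern, which is an assumption about config.json.
SAMPLE_CONFIG = """
/* upload settings (constructed sample) */
{
    "imageAllowFiles": [".png", ".jpg", ".gif"],
    "videoAllowFiles": [".flv", ".SWF", ".mp4"], /* video */
    "fileAllowFiles": [".png", ".swf", ".pdf", ".xml", ".txt"],
    "fileMaxSize": 51200000
}
"""

def load_config(text):
    """Parse config.json text after stripping /* ... */ comments, if any."""
    return json.loads(re.sub(r"/\*.*?\*/", "", text, flags=re.S))

def is_risky(ext):
    """Case-insensitive match, so '.SWF' is caught as well as '.swf'."""
    return isinstance(ext, str) and ext.lower() in RISKY

def audit(config):
    """Return {key: [risky extensions]} for every *AllowFiles allow-list."""
    findings = {}
    for key, value in config.items():
        if key.endswith("AllowFiles") and isinstance(value, list):
            hits = [ext for ext in value if is_risky(ext)]
            if hits:
                findings[key] = hits
    return findings

def harden(config):
    """Return a copy of config with risky extensions removed from allow-lists."""
    out = dict(config)
    for key, value in config.items():
        if key.endswith("AllowFiles") and isinstance(value, list):
            out[key] = [ext for ext in value if not is_risky(ext)]
    return out

if __name__ == "__main__":
    cfg = load_config(SAMPLE_CONFIG)
    for key, exts in audit(cfg).items():
        print(f"{key}: remove {', '.join(exts)}")
    print(json.dumps(harden(cfg), indent=4))
```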
