| Title | baidu Ueditor v1.4.3.3 Cross Site Scripting |
|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability has been identified in UEditor version 1.4.3.3. The vulnerability stems from the default configuration of config.json files within the ≤x.x.x.x versions of UEditor, which permits the uploading of .swf files. Furthermore, for versions ≥1.4.2 and ≤x.x.x.x, UEditor's config files also allow the uploading of .xml files by default. Since both .swf and .xml files can execute scripts, this presents an opportunity for stored XSS attacks. |
| Source | ⚠️ https://github.com/Hebing123/cve/issues/62 |
| User | jiashenghe (UID 39445) |
| Submission | 25/07/2024 11:09 AM (2 years ago) |
| Moderation | 31/07/2024 05:14 PM (6 days later) |
| Status | Accepted |
| VulDB Entry | 273273 [Baidu UEditor 1.4.3.3 controller.php?action=uploadfile&encode=utf-8 upfile privilege escalation] |
| Points | 20 |