Lucene search
GitHub Advisory DatabaseGHSA-9HFW-CVF4-5X25HistoryMay 31, 2024 - 6:31 p.m.
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
2024-05-3118:31:14
GitHub Advisory Database
github.com
7
wangeditor
xss
cross-site scripting
image upload
vulnerability
software
There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.
Affected configurations
Node
wangeditorwangeditorRange≤4.7.11
| CPE | Name | Operator | Version |
|---|---|---|---|
| @wangeditor/editor | le | 4.7.11 |
References
gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d
github.com/advisories/GHSA-9hfw-cvf4-5x25
github.com/wangeditor-team/wangEditor/commit/6257a2e166346913c34ac5cfb31b6a46e9544c5a
github.com/wangeditor-team/wangEditor/issues/3870
github.com/wangeditor-team/wangEditor/issues/3872
nvd.nist.gov/vuln/detail/CVE-2022-25037
Related
cve
cve
CVE-2022-25037
2024-05-31 16:15:09
veracode
veracode
Cross Site Scripting (XSS)
2024-06-05 06:23:37
nvd
nvd
CVE-2022-25037
2024-05-31 16:15:09
cvelist
cvelist
CVE-2022-25037
1976-01-01 00:00:00
