13 matches found
CVE-2026-4186 UEditor JSONP Callback controller.php cross site scripting
A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2026-4186
A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2026-3026 erzhongxmu JEEWMS UEditor getRemoteImage.jsp server-side request forgery
A vulnerability has been found in erzhongxmu JEEWMS 3.7. Affected by this issue is some unknown functionality of the file /plug-in/ueditor/jsp/getRemoteImage.jsp of the component UEditor. The manipulation of the argument upfile leads to server-side request forgery. The attack can be initiated...
CVE-2021-37271
A cross-site scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information...
CVE-2025-29287
An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-3903
Vulnerability in Drupal UEditor - 百度编辑器. This issue affects UEditor - 百度编辑器:...
CVE-2025-3903
The CVE-2025-3903 entry concerns Drupal UEditor (百度编辑器), a module in Drupal. Connected sources confirm a vulnerability affecting UEditor in Drupal and assign a high CVSS v3.1 score (7.3, HIGH) with network attack vector, no privileges required, and user interaction not needed; impact is limited t...
CVE-2025-3903 UEditor - 百度编辑器 - Critical - Unsupported - SA-CONTRIB-2025-044
Vulnerability in Drupal UEditor - 百度编辑器. This issue affects UEditor - 百度编辑器:...
PT-2024-29450 · Unknown +1 · Productinfoquick +1
Name of the Vulnerable Software and Affected Versions: productinfoquick version 1.0 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PNG file, exploiting an arbitrary file upload vulnerability in the Ueditor component. Recommendations: For version 1.0, upda...
ZZCMS Code Issues Vulnerabilities
ZZCMS is a content management system (CMS) from the China ZZCMS team. A security vulnerability exists in ZZCMS v.2023, which can be exploited to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...
Jfinal CMS security vulnerability
Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as its web framework, Beetl as its template engine, MySQL as its database, and Bootstrap as its front-end framework. Jfinal CMS version 5.0.1 has a command injection vulnerability, which originates from...
Ueditor cross-site scripting vulnerability (CNVD-2024-02966)
UEditor is a rich text web editor that is lightweight, customizable, and focused on user experience. A cross-site scripting vulnerability exists in Ueditor version 1.4.3.3. An attacker can exploit this vulnerability to obtain user cookie information...
Yzmcms cross-site scripting vulnerability
Yzmcms is an open source content management system (CMS). A cross-site scripting vulnerability exists in YzmCMS version 5.6. The vulnerability stems from the program using UEditor 1.4.3.3, so the vulnerability can be exploited through the SRC attribute of the IFRAME element in...