Lucene search
K

189 matches found

Vulnrichment
Vulnrichment
added 2024/08/01 4:31 a.m.20 views

CVE-2024-7342 Baidu UEditor unrestricted upload

A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...

5.3CVSS6.7AI score0.00453EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/08/01 4:31 a.m.38 views

CVE-2024-7342 Baidu UEditor unrestricted upload

A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the atta...

5.3CVSS0.00453EPSS
Exploits1References4
CVE
CVE
added 2024/08/01 4:31 a.m.133 views

CVE-2024-7342

Baidu UEditor 1.4.3.3 contains an unrestricted upload vulnerability in the endpoint /ueditor/php/controller.php?action=uploadfile&encode=utf-8, triggered by manipulating the upfile parameter. The issue enables remote initiation and has publicly disclosed exploits; multiple sources corroborate the...

6.1CVSS4AI score0.00453EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/01 12:0 a.m.5 views

PT-2024-38276 · Baidu · Baidu Ueditor

Name of the Vulnerable Software and Affected Versions: Baidu UEditor version 1.4.3.3 Description: A vulnerability was found in Baidu UEditor, affecting an unknown part of the file "/ueditor/php/controller.php?action=uploadfile&encode=utf-8". The manipulation of the upfile argument leads to...

6.1CVSS4.5AI score0.00453EPSS
Exploits1References8
CNNVD
CNNVD
added 2024/08/01 12:0 a.m.5 views

Baidu UEditor 代码问题漏洞

Baidu UEditor is a WYSIWYG rich text web editor from the Chinese company Baidu. A code issue vulnerability exists in Baidu UEditor version 1.4.3.3, which stems from the operation of the parameter upfile that can lead to unrestricted uploads...

6.1CVSS5AI score0.00453EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/08/01 12:0 a.m.5 views

Baidu UEditor 跨站脚本漏洞

Baidu UEditor is a WYSIWYG rich text web editor from the Chinese company Baidu. A cross-site scripting vulnerability exists in Baidu UEditor 1.4.2, which stems from a manipulation of the parameter source that can lead to cross-site scripting attacks...

6.1CVSS4.3AI score0.00453EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/07/12 12:0 a.m.10 views

CVE-2024-40543

PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery SSRF via the component /admin/ueditor?action=catchimage...

7.6AI score0.00302EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/11 12:0 a.m.6 views

Avue Cross-Site Scripting Vulnerability

Avue is an Avue open source secondary package based on the existing element-ui library. A cross-site scripting vulnerability exists in Avue 3.4.4 and earlier versions, which stems from the component avueUeditor containing unknown functions that lead to cross-site scripting...

5.3CVSS5.9AI score0.00333EPSS
Exploits0References5
NVD
NVD
added 2023/09/15 5:15 p.m.22 views

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

9.8CVSS9.6AI score0.01316EPSS
Exploits1References1
OSV
OSV
added 2023/09/15 5:15 p.m.5 views

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

9.8CVSS6.1AI score0.01316EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/09/15 5:15 p.m.3 views

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

9.8CVSS7.7AI score0.01316EPSS
Exploits1References2
Prion
Prion
added 2023/09/15 5:15 p.m.21 views

Code injection

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

7.5CVSS9.4AI score0.01316EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/09/15 12:0 a.m.96 views

CVE-2023-42398

The CVE-2023-42398 issue affects zzCMS v.2023, where an attacker can remotely execute arbitrary code and disclose sensitive data through the ueditor component in controller.php. The vulnerability is associated with zzCMS 2023 and involves the ueditor integration in controller.php, enabling code e...

9.8CVSS9.4AI score0.01316EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/15 12:0 a.m.6 views

PT-2023-28328 · Zzcms +1 · Zzcms +1

Name of the Vulnerable Software and Affected Versions: zzCMS version 2023 Description: An issue in the software allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. Recommendations: For zzCMS version 2023, consider...

9.8CVSS9.6AI score0.01316EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/09/15 12:0 a.m.12 views

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

7.6AI score0.01316EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/09/15 12:0 a.m.21 views

CVE-2023-42398

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

9.7AI score0.01316EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/09/15 12:0 a.m.5 views

ZZCMS Code Issues Vulnerabilities

ZZCMS is a content management system CMS from the China ZZCMS team. A security vulnerability exists in ZZCMS v.2023, which can be exploited to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php...

9.8CVSS7.4AI score0.01316EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/09/03 12:0 a.m.5 views

Dreamer CMS Security Vulnerability

Dreamer CMS is a dreamer content management system by Junnan Wang, an individual developer in China. A security vulnerability exists in Dreamer CMS 4.1.3 and earlier versions, which originates from an unknown function in /upload/ueditorConfig?action=config that results in an accessible file or...

4.8CVSS6.7AI score0.00508EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/08/11 2:15 p.m.2 views

CVE-2020-36037

An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php...

8.8CVSS5.8AI score0.00781EPSS
Exploits1References2
OSV
OSV
added 2023/08/11 2:15 p.m.20 views

CVE-2020-36037

An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php...

8.8CVSS7.8AI score
Exploits0References1
Rows per page
Query Builder