2 matches found
CVE-2018-14037
CVE-2018-14037 is a cross-site scripting vulnerability in Progress Kendo UI Editor v2018.1.221. The issue arises from the editorNS.Serializer toEditableHtml function in kendo.all.min.js, enabling an attacker to inject arbitrary JavaScript into the editor’s DOM. If a victim loads the editor, the p...
Progress Kendo UI Editor 2018.1.221 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting product: Progress Kendo UI Editor vulnerable version: v2018.1.221 fixed version: none, see workaround CVE number: CVE-2018-14037 impact: mediu...