5 matches found
EUVD-2021-34758
PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...
Cross-site Scripting (XSS)
aimeos/ai-cms-grapesjs is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of proper sanitization when Content Security Policy is disabled, which allows an attacker to inject malicious JavaScript through editor content...
Raonwiz DEXT5 Editor Arbitrary File Download Vulnerability
Raonwiz DEXT5 Editor is an HTML-based Web editor from the Korean company Raonwiz. A security vulnerability exists in the handler/uploadhandler.jsp file in Raonwiz DEXT5 Editor 3.5.1402961 and earlier versions. An attacker can exploit this vulnerability to download arbitrary files with the help of...
Progress Kendo UI Editor Cross-Site Scripting Vulnerability
Progress Kendo UI Editor is a complete UI toolkit for web development. A cross-site scripting vulnerability exists in Progress Kendo UI Editor that allows an attacker to execute JavaScript within the context of the editor itself...
Stored XSS Vulnerability in Full Version of UEditor
UEditor is a WYSIWYG rich-text web editor developed by Baidu's web front-end R&D department. A stored XSS vulnerability exists in all versions of UEditor. An attacker can exploit this vulnerability to execute JavaScript code in a file...