Lucene search
K
BaiduUeditor

4 matches found

CVE
CVE
added 2024/08/01 4:31 a.m.133 views

CVE-2024-7342

Baidu UEditor 1.4.3.3 contains an unrestricted upload vulnerability in the endpoint /ueditor/php/controller.php?action=uploadfile&encode=utf-8, triggered by manipulating the upfile parameter. The issue enables remote initiation and has publicly disclosed exploits; multiple sources corroborate the...

6.1CVSS4AI score0.00453EPSS
Web
CVE
CVE
added 2024/08/01 5:0 a.m.122 views

CVE-2024-7343

Baidu UEditor 1.4.2 is affected. The vulnerability is in /ueditor142/php/controller.php?action=catchimage, where manipulating the argument source[] enables cross-site scripting. Attack can be performed remotely and the exploit has been disclosed publicly. The issue is documented across CVE-2024-7...

6.1CVSS3.8AI score0.00453EPSS
Web
CVE
CVE
added 2017/09/26 6:0 a.m.63 views

CVE-2017-14744

UEditor 1.4.3.3 is vulnerable to cross-site scripting via the SRC attribute of an IFRAME element. The issue is documented across multiple sources (NVD, CNVD, Red Hat, CVE lists) and is consistently described as an XSS in Baidu/UEditor, with no explicit remediation or patch version provided in the...

6.1CVSS6AI score0.00635EPSS
CVE
CVE
added 2021/09/28 6:9 p.m.49 views

CVE-2021-37271

CVE-2021-37271 affects UEditor v1.4.3.3, with a Cross Site Scripting (XSS) vulnerability that can be exploited to obtain a user’s cookies. The connected documents confirm the product/version and the impact but do not provide detailed exploit steps, vectors, or remediation information. No public d...

5.4CVSS5.2AI score0.00544EPSS