4 matches found
CVE-2024-7342
Baidu UEditor 1.4.3.3 contains an unrestricted upload vulnerability in the endpoint /ueditor/php/controller.php?action=uploadfile&encode=utf-8, triggered by manipulating the upfile parameter. The issue enables remote initiation and has publicly disclosed exploits; multiple sources corroborate the...
CVE-2024-7343
Baidu UEditor 1.4.2 is affected. The vulnerability is in /ueditor142/php/controller.php?action=catchimage, where manipulating the argument source[] enables cross-site scripting. Attack can be performed remotely and the exploit has been disclosed publicly. The issue is documented across CVE-2024-7...
CVE-2017-14744
UEditor 1.4.3.3 is vulnerable to cross-site scripting via the SRC attribute of an IFRAME element. The issue is documented across multiple sources (NVD, CNVD, Red Hat, CVE lists) and is consistently described as an XSS in Baidu/UEditor, with no explicit remediation or patch version provided in the...
CVE-2021-37271
CVE-2021-37271 affects UEditor v1.4.3.3, with a Cross Site Scripting (XSS) vulnerability that can be exploited to obtain a user’s cookies. The connected documents confirm the product/version and the impact but do not provide detailed exploit steps, vectors, or remediation information. No public d...