CVE-2024-7343 – Baidu UEditor cross site scripting
https://notcve.org/view.php?id=CVE-2024-7343
A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting.
https://github.com/Hebing123/cve/issues/63
https://vuldb.com/?ctiid.273274
https://vuldb.com/?id.273274
https://vuldb.com/?submit.380151
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-7342 – Baidu UEditor unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7342
A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload.
https://github.com/Hebing123/cve/issues/62
https://vuldb.com/?ctiid.273273
https://vuldb.com/?id.273273
https://vuldb.com/?submit.380092
CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-37271
https://notcve.org/view.php?id=CVE-2021-37271
A Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.
https://www.cnvd.org.cn/flaw/show/3243916
https://www.freebuf.com/vuls/269956.html
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14744
https://notcve.org/view.php?id=CVE-2017-14744
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
http://ueditor.baidu.com/website/changelog.html
http://www.yuag.org/2017/09/19/ueditor%E5%82%A8%E5%AD%98%E5%9E%8Bxss%E6%BC%8F%E6%B4%9E
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')