CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7343 – Baidu UEditor cross site scripting
https://notcve.org/view.php?id=CVE-2024-7343
01 Aug 2024 — A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. • https://github.com/Hebing123/cve/issues/63 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14744
https://notcve.org/view.php?id=CVE-2017-14744
26 Sep 2017 — UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la versión 1.4.3.3 de UEditor mediante el atributo SRC de un elemento IFRAME. • http://ueditor.baidu.com/website/changelog.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •