CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7343 – Baidu UEditor cross site scripting
https://notcve.org/view.php?id=CVE-2024-7343
A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. • https://github.com/Hebing123/cve/issues/63 https://vuldb.com/?ctiid.273274 https://vuldb.com/?id.273274 https://vuldb.com/?submit.380151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14744
https://notcve.org/view.php?id=CVE-2017-14744
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la versión 1.4.3.3 de UEditor mediante el atributo SRC de un elemento IFRAME. • http://ueditor.baidu.com/website/changelog.html http://www.yuag.org/2017/09/19/ueditor%E5%82%A8%E5%AD%98%E5%9E%8Bxss%E6%BC%8F%E6%B4%9E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •