3 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-7342 – Baidu UEditor unrestricted upload

https://notcve.org/view.php?id=CVE-2024-7342

A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. • https://github.com/Hebing123/cve/issues/62 https://vuldb.com/?ctiid.273273 https://vuldb.com/?id.273273 https://vuldb.com/?submit.380092 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-37271

https://notcve.org/view.php?id=CVE-2021-37271

Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en UEditor versión v1.4.3.3, que puede ser explotada por un atacante para conseguir información de las cookies del usuario • https://www.cnvd.org.cn/flaw/show/3243916 https://www.freebuf.com/vuls/269956.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-14744

https://notcve.org/view.php?id=CVE-2017-14744

UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en la versión 1.4.3.3 de UEditor mediante el atributo SRC de un elemento IFRAME. • http://ueditor.baidu.com/website/changelog.html http://www.yuag.org/2017/09/19/ueditor%E5%82%A8%E5%AD%98%E5%9E%8Bxss%E6%BC%8F%E6%B4%9E • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •