CVE-2022-25038
Description
wangEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WangEditor v4.7.11 has a stored XSS vulnerability in its video upload function, allowing arbitrary script execution.
Vulnerability Overview
WangEditor v4.7.11, a web-based rich text editor, is affected by a cross-site scripting (XSS) vulnerability through its video upload feature. The root cause lies in insufficient sanitization of user-supplied input when inserting video content, enabling an attacker to inject malicious HTML or JavaScript code [1].
Exploitation
Prerequisites
Exploitation requires an authenticated user (or any user with access to the editor) to insert a crafted video payload. The provided proof-of-concept demonstrates that an attacker can inject an `<iframe>` element whose `srcdoc` attribute carries a JavaScript payload, which executes when the stored content is rendered [1]. No special network position is required; the attack is carried out from an ordinary browser.
Impact
Successful exploitation enables an attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to data theft, session hijacking, or defacement of pages that include the editor output. The vulnerability is classified as medium severity (CVSS 6.1) because it requires user interaction and gives no direct access to sensitive systems [1].
Mitigation and Status
As of the publication date (2024-05-31), no patched version had been released. Users are advised to apply input sanitization on the server side or restrict the use of the video upload feature until an update is available. The vulnerability has been publicly disclosed with a working exploit, increasing the risk of active exploitation [1].
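The server-side mitigation described above, as an added example that is not wangEditor's own code: the vulnerable pattern (inserting caller-supplied video markup verbatim, which is how a `srcdoc` payload reaches the page) next to a hardened builder that accepts only a URL, validates its scheme and host, and generates the embed markup itself. The allowlisted hostnames are assumptions chosen for illustration.

```javascript
// Vulnerable pattern (the shape the advisory describes): whatever HTML the
// caller supplies is stored and later rendered, so <iframe srcdoc="..."> with
// script inside survives untouched.
function insertVideoRaw(userHtml) {
  return userHtml;
}

// Hardened approach: never accept markup for a video insert. Accept a URL,
// validate it, and build the <iframe> string on the server from parsed parts.
const ALLOWED_VIDEO_HOSTS = new Set([
  'www.youtube.com',   // assumed allowlist entry
  'player.vimeo.com',  // assumed allowlist entry
]);

// Escape the characters that could terminate or alter an HTML attribute.
function escapeAttr(s) {
  return s.replace(/&/g, '&amp;').replace(/"/g, '&quot;')
          .replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Returns a safe <iframe> string, or null when the input must be rejected.
function buildVideoEmbed(userInput) {
  let url;
  try {
    url = new URL(String(userInput).trim());   // raw HTML has no scheme -> throws
  } catch (e) {
    return null;
  }
  if (url.protocol !== 'https:') return null;           // drops javascript:, data:, http:
  if (!ALLOWED_VIDEO_HOSTS.has(url.hostname)) return null;
  // Serialize the parsed URL (quotes and angle brackets come back percent-encoded),
  // then escape again before placing it in the attribute. The sandbox blocks
  // top-level navigation, form posts and popups from the cross-origin player.
  const src = escapeAttr(url.href);
  return `<iframe src="${src}" sandbox="allow-scripts allow-same-origin" ` +
         `referrerpolicy="no-referrer" allowfullscreen></iframe>`;
}

module.exports = { insertVideoRaw, buildVideoEmbed };
```

The same allowlist check belongs on the server that stores editor content, since the browser-side editor can be bypassed entirely.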
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- (no CPE)
- (no CPE), version range: =4.7.11
Patches (0): No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (2)
News mentions (0): No linked articles in our index yet.