Ueditor
by Baidu
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14744 | Med | 0.40 | 6.1 | 0.01 | Sep 26, 2017 | UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | ||
| CVE-2026-4186 | Low | 0.23 | 3.5 | 0.00 | Mar 16, 2026 | A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can… | ||
| CVE-2024-7343 | 0.00 | — | 0.00 | Aug 1, 2024 | A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be… | |||
| CVE-2024-7342 | 0.00 | — | 0.00 | Aug 1, 2024 | A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to… |
- risk 0.40cvss 6.1epss 0.01
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
- risk 0.23cvss 3.5epss 0.00
A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can…
- CVE-2024-7343Aug 1, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be…
- CVE-2024-7342Aug 1, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to…