VYPR

Ueditor

by Baidu

CVEs (4)

  • CVE-2017-14744MedSep 26, 2017
    risk 0.40cvss 6.1epss 0.01

    UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.

  • CVE-2026-4186LowMar 16, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can…

  • CVE-2024-7343Aug 1, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be…

  • CVE-2024-7342Aug 1, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to…