Headline

GHSA-9hfw-cvf4-5x25: wanEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

There is a cross-site scripting (XSS) issue in wanEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

4 months ago

ghsa

Open in Source

#xss #vulnerability #nodejs #git

Navigation Menu

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

- Enterprise platform
  
  AI-powered developer platform

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

GitHub Advisory Database
GitHub Reviewed
CVE-2022-25037

wanEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

Moderate severity GitHub Reviewed Published May 31, 2024 to the GitHub Advisory Database • Updated Jun 2, 2024

Package

npm @wangeditor/editor (npm)

Affected versions

<= 4.7.11

Description

Published to the GitHub Advisory Database

May 31, 2024

ghsa: Latest News

GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

2 days ago

ghsa

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

2 days ago

ghsa

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

2 days ago

ghsa

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

2 days ago

ghsa

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

3 days ago

ghsa