Baidu UEditor 1.4.2
Approved changes feed: RSS · Atom
cpe:2.3:a:baidu:ueditor:1.4.2:*:*:*:*:*:*:*
part: a version: 1.4.2 update: *
| Vendor | Baidu (3e9f71c5-d6b2-5b7d-aed0-82c0c6b16b90) |
|---|---|
| Product | Ueditor (b99656c4-7bef-57ea-a440-b4456e9cba6e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/fex-team/ueditor |
purl2cpe | 2026-06-01 10:13:15.920613 |
pkg:sourceforge/ueditor |
purl2cpe | 2026-06-01 10:13:15.920615 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-7343 |
vulnerable | 2026-06-03 14:58:05.668500 |
Baidu UEditor cross site scripting
LOW (3.5)
A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-08-01T05:00:07.311Z
Updated: 2024-08-01T19:06:52.844Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.