CVE-2021-37271

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nuget/hawk.ueditor

Identifier

CVE-2021-37271

Package Slug

nuget/hawk.ueditor

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.

Affected Versions

Version 1.4.3.3

Solution

Upgrade to version 1.4.3.4 or above.

Last Modified

2021-10-10

source