CVE-2022-25037: wanEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
(updated )
There is a cross-site scripting (XSS) issue in wanEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.
References
- gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d
- github.com/advisories/GHSA-9hfw-cvf4-5x25
- github.com/wangeditor-team/wangEditor
- github.com/wangeditor-team/wangEditor/commit/6257a2e166346913c34ac5cfb31b6a46e9544c5a
- github.com/wangeditor-team/wangEditor/issues/3870
- github.com/wangeditor-team/wangEditor/issues/3872
- nvd.nist.gov/vuln/detail/CVE-2022-25037
Detect and mitigate CVE-2022-25037 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →