Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.
Advisories for Nuget/Hawk.ueditor package
2021
2017
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
UEdit has XSS via the SRC attribute of an IFRAME element.