CVE-2021-37271: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

September 28, 2021 (updated October 1, 2021)

Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.

References

nvd.nist.gov/vuln/detail/CVE-2021-37271

Detect and mitigate CVE-2021-37271 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →