CVE-2024-7343 | Baidu UEditor 1.4.2 controller.php source[] cross site scripting

Posted by Angelo Barbosa | Jul 31, 2024 | CVE

A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting.

This vulnerability was named CVE-2024-7343. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7343 | Baidu UEditor 1.4.2 controller.php source[] cross site scripting

Related Posts

CVE-2021-47096 | Linux Kernel up to 5.15.11 rawmidi uninitialized pointer (ID 178 / b398fcbe4de1/39a8fc4971a0)

CVE-2024-7887 | LimeSurvey 6.3.0-231016 File Upload /index.php size denial of service

CVE-2023-41090 | Intel MAS Software prior 2.3 race condition during access to alternate channel (intel-sa-00967)

CVE-2024-41011 | Linux Kernel up to 6.1.90/6.6.30/6.8.9 amdkfd Privilege Escalation