wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

GHSA-9hfw-cvf4-5x25 · CVE-2022-25037

Published May 31, 2024 · Modified Jun 11, 2026

Description

There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-25037
WEB https://github.com/wangeditor-team/wangEditor/issues/3870
WEB https://github.com/wangeditor-team/wangEditor/issues/3872
WEB https://github.com/wangeditor-team/wangEditor/commit/6257a2e166346913c34ac5cfb31b6a46e9544c5a
WEB https://gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d
PACKAGE https://github.com/wangeditor-team/wangEditor

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes