CVE-2017-14744: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

September 26, 2017 (updated October 6, 2017)

UEdit has XSS via the SRC attribute of an IFRAME element.

References

ueditor.baidu.com/website/changelog.html
www.yuag.org/2017/09/19/ueditor%E5%82%A8%E5%AD%98%E5%9E%8Bxss%E6%BC%8F%E6%B4%9E/
nvd.nist.gov/vuln/detail/CVE-2017-14744

Code Behaviors & Features

Detect and mitigate CVE-2017-14744 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →