A reflected cross-site scripting (XSS) vulnerability has been identified in the UEditor 1.4.2. This vulnerability permits an attacker to inject malicious scripts into web pages viewed by users, potentially compromising user data and session integrity.
Details
The vulnerability exists in the /ueditor/php/action_crawler.php file of UEditor 1.4.2, where the source parameter is used to fetch and process image URLs.
The value of source is not appropriately sanitized or encoded, allowing the execution of arbitrary scripts.
Summary
A reflected cross-site scripting (XSS) vulnerability has been identified in the UEditor 1.4.2. This vulnerability permits an attacker to inject malicious scripts into web pages viewed by users, potentially compromising user data and session integrity.
Details
The vulnerability exists in the
/ueditor/php/action_crawler.php
file of UEditor 1.4.2, where the source parameter is used to fetch and process image URLs. The value of source is not appropriately sanitized or encoded, allowing the execution of arbitrary scripts.POC
http://your-ip/ueditor142/php/controller.php?action=catchimage&source[]=%22%3E%3Csvg%20onload=alert(1)%3E