Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Progress Kendo UI Editor 跨站脚本漏洞
Vulnerability Description
Progress Kendo UI Editor是美国Progress Software公司的一款富文本编辑器。 Progress Kendo UI Editor 2018.1.221版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞向WYSIWYG editor的DOM注入任意JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A