CVE
This article was last updated on the evening of 22 April 2026
Description
UmEditor v1.2.3 has a reflected XSS vulnerability in the file /php/imageUp.php.
Impact
An attacker can inject a malicious script through the request parameter; a user who is tricked into opening a specially crafted link has that script executed directly in their browser.
Vulnerability reproduction
Testing environment: localhost
Windows + Edge + PhpStorm + Burp Suite Pro + Apache 2 + PHP 5.6.9
1. Vulnerability analysis
/php/imageUp.php

After the script receives the GET parameter, it concatenates the value directly into a <script></script> block in the response without any validation or encoding, which causes a reflected XSS vulnerability.
2. Exploitation of the vulnerability
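The following is an added example, not UmEditor's own code, showing how a callback parameter like this one can be handled safely while keeping the <script></script> wrapper the advisory describes. The function names, the identifier whitelist and the sample upload result are my own assumptions; it is written in PHP 5.6-compatible syntax to match the test environment above.

```php
<?php
// Added example, not UmEditor's own code. It keeps the "<script>...</script>"
// wrapper the advisory describes for /php/imageUp.php but removes the defect:
// the callback GET parameter is no longer concatenated into the page as-is.
// Written without PHP 7 syntax so it runs on the PHP 5.6 test environment.

// Accept only a JavaScript identifier path such as "cb" or "UM.imageDone".
// Quotes, parentheses, angle brackets and whitespace are all rejected, so
// the value can only ever name a function, never contain code.
function safe_callback($name) {
    if (!is_string($name) || $name === '' || strlen($name) > 64) {
        return null;
    }
    $pattern = '/^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$/';
    return preg_match($pattern, $name) === 1 ? $name : null;
}

// Render the upload result as a script that calls the validated callback.
// The JSON_HEX_* flags ensure the encoded data cannot contain "</script>"
// or other characters that would break out of the script element.
function render_script($callback, array $result) {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json = json_encode($result, $flags);
    return '<script type="text/javascript">' . $callback . '(' . $json . ');</script>';
}

$raw = isset($_GET['callback']) ? $_GET['callback'] : null;
$callback = safe_callback($raw);
if ($callback === null) {
    // Fail closed: an unexpected callback name is an error, not something to echo.
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    echo 'invalid callback parameter';
    exit;
}

header('Content-Type: text/html; charset=utf-8');
header('X-Content-Type-Options: nosniff');
// Constructed sample result standing in for the real upload outcome.
echo render_script($callback, array('state' => 'SUCCESS', 'url' => '/upload/example.png'));
```

With this check in place the payload shown below is rejected with a 400 response, because the parentheses and quotes in alert('xss') are not identifier characters.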
Payload: http://127.0.0.1/php/imageUp.php?callback=alert('xss')

This issue exists in all language versions of imageUp.