{
  "schema_version": "1.4.0",
  "id": "GHSA-9hfw-cvf4-5x25",
  "modified": "2024-06-04T00:38:12Z",
  "published": "2024-05-31T18:31:14Z",
  "aliases": [
    "CVE-2022-25037"
  ],
  "summary": "wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function",
  "details": "There is a cross-site scripting (XSS) issue in wangEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.",
  "severity": [],
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@wangeditor/editor"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.7.12"
            }
          ]
        }
      ],
      "database_specific": {
        "last_known_affected_version_range": "<= 4.7.11"
      }
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25037"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wangeditor-team/wangEditor/issues/3870"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wangeditor-team/wangEditor/issues/3872"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wangeditor-team/wangEditor/commit/6257a2e166346913c34ac5cfb31b6a46e9544c5a"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/Mdxjj/5cf0a31e8abf24ed688ceb5b3543516d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wangeditor-team/wangEditor"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-02T22:32:11Z",
    "nvd_published_at": "2024-05-31T16:15:09Z"
  }
}