PT-2024-11531 · Waneditor · Waneditor
Wahaha1573 · Published 2024-05-31 · Updated 2024-08-19
CVE-2022-25037
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
wanEditor version 4.7.11
Description
The issue is related to a cross-site scripting (XSS) vulnerability via the image upload function. This vulnerability allows for malicious scripts to be injected into the application, potentially leading to unauthorized access or control.
Recommendations
For wanEditor version 4.7.11, update to version 4.7.12 or version 5 to resolve the issue. As a temporary workaround, consider disabling the image upload function until a patch is available. Restrict access to the image upload feature to minimize the risk of exploitation.
Fix
XSS
Affected Products
Waneditor