PT-2024-40438 · Unknown · Htmleditorfield Toolbar

Published: 2024-05-23 · Updated: 2024-05-23

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: HtmlEditorField Toolbar (affected versions not specified)

Description: The issue concerns the "Add from URL" functionality, which does not properly sanitize URLs on the server side. Specifically, the HtmlEditorField Toolbar action viewfile is called when adding media from a URL; it reads the URL from the FileURL GET parameter without performing any server-side URL sanitization. The current logic relies on Oembed to reject potentially dangerous URLs, but future changes could break this protection.

Recommendations: As a temporary workaround, implement server-side URL sanitization for the FileURL parameter in the viewfile action of HtmlEditorField Toolbar to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
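An added illustration of the server-side check recommended above, written in Python rather than against the HtmlEditorField API (it is not the project's code). It assumes the handler receives the raw FileURL value as a string and rejects anything that is not a plain public http(s) URL before any fetch or Oembed lookup happens; the scheme allowlist and blocked-host set are assumptions for the example.

```python
"""Server-side allowlist validation for a user-supplied media URL (example)."""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}          # assumption: only web media is embeddable
BLOCKED_HOSTS = {"localhost", "localhost.localdomain"}  # never fetched server-side


def validate_file_url(raw: str, max_len: int = 2048) -> tuple[bool, str]:
    """Return (ok, reason). ok is True only for a plain public http(s) URL."""
    if not isinstance(raw, str) or not raw or len(raw) > max_len:
        return False, "empty or oversized"
    if any(ch.isspace() or ord(ch) < 0x20 for ch in raw):
        return False, "whitespace or control character"
    try:
        parts = urlsplit(raw)
    except ValueError:
        return False, "unparseable"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    host = parts.hostname  # lowercased, IPv6 brackets already stripped
    if not host:
        return False, "missing host"
    if host.rstrip(".") in BLOCKED_HOSTS:
        return False, "loopback hostname"
    try:
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return False, "invalid port"
    # IP literals: refuse anything not globally routable (loopback, RFC 1918,
    # link-local, unspecified, multicast). A DNS name passes this stage; the
    # resolved address must be re-checked the same way at connect time.
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None and not addr.is_global:
        return False, f"non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not values from the advisory.
    for url in ("https://www.example.com/clip.mp4", "file:///etc/hosts",
                "http://127.0.0.1/", "http://user:pw@example.com/"):
        print(url, "->", validate_file_url(url))
```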

Related Identifiers: GHSA-QP29-WCC2-VMPC

Affected Products: Htmleditorfield Toolbar