CVE-2026-4186

Name of the Vulnerable Software and Affected Versions UEditor versions up to 1.4.3.2

Description A cross site scripting issue exists in UEditor due to manipulation of the callback argument in the JSONP Callback Handler. The issue affects the processing of the file ''php/controller.php?action=uploadimage''. The attack can be initiated remotely and the exploit has been publicly disclosed. The vendor was contacted but did not respond. This vulnerability affects products that are no longer supported by the maintainer.

Recommendations Versions prior to 1.4.3.2 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.