CNNVD-202509-3980 Information

CNNVD ID

CNNVD-202509-3980

Related CVE

CVE-2025-10949

• CNNVD Published: 2025-09-25

Description (Chinese)

iView Editor是iView开源的一个编辑器。 iView Editor 1.1.1及之前版本存在代码注入漏洞，该漏洞源于组件Markdown Handler处理不当，可能导致跨站脚本攻击。

Description (English)

iView Editor is an editor of iView Open Source. iView Editor 1.1.1 and previous versions had a code-infusion loophole, which stemmed from the inappropriate handling of the component Markdown Handler and could lead to a cross-site script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

iView

Published

2025-09-25

Last Modified

2026-02-24

References

https://github.com/duckpigdog/CVE/blob/main/iView%20Editor%20XSS.docx https://vuldb.com/?ctiid.325819 https://vuldb.com/?id.325819 https://vuldb.com/?submit.652402