CNNVD-202602-953 Information

CNNVD ID

CNNVD-202602-953

Related CVE

CVE-2026-25581

• CNNVD Published: 2026-02-06

Description (Chinese)

SCEditor是Sam个人开发者的一款所见即所得编辑器。 SCEditor 3.2.1之前版本存在跨站脚本漏洞，该漏洞源于传递给sceditor.create的配置选项缺乏清理，可能导致跨站脚本攻击。

Description (English)

SCEditor is the editor of a book seen by Sam’s personal developer. The previous version of SCEditor 3.2.1 had a cross-site script loophole, which stemmed from the lack of clean-up of the configuration options transmitted to sceditor.create, which could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/samclarke/SCEditor/commit/5733aed4f0e257cb78e1ba191715fc458cbd473d https://github.com/samclarke/SCEditor/security/advisories/GHSA-25fq-6qgg-qpj8 https://access.redhat.com/security/cve/cve-2026-25581

Patch

https://www.sceditor.com/