Vulnerability in UEditor for Drupal by Baidu
CVE-2025-3903

Currently unrated

Key Information:

Vendor
Drupal
Status
Ueditor - 百度编辑器
Vendor
CVE Published:
23 April 2025

Summary

The vulnerability in UEditor, utilized within Drupal, exposes users to potential Cross-Site Scripting (XSS) risks. This flaw can allow attackers to inject malicious scripts into web pages viewed by other users, compromising user data and website integrity. Proper validation and sanitization measures are crucial to mitigate these security risks related to UEditor, ensuring a safer user experience on Drupal-powered sites.

Affected Version(s)

UEditor - 百度编辑器 *.*

References

https://www.drupal.org/sa-contrib-2025-044

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.