Sceditor

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-25581 MEDIUM POC PATCH This Month

Reflected cross-site scripting in SCEditor prior to version 3.2.1 allows attackers with control over configuration parameters to inject malicious scripts through unsanitized options like emoticons or charset settings. Public exploit code exists for this vulnerability, which affects any application integrating the affected SCEditor versions. A patch is available in version 3.2.1 and later.

XSS Sceditor

NVD GitHub

CVSS 3.1

5.4

EPSS

0.0%

CVE-2026-25581

EPSS 0% CVSS 5.4

MEDIUM POC PATCH This Month

Reflected cross-site scripting in SCEditor prior to version 3.2.1 allows attackers with control over configuration parameters to inject malicious scripts through unsanitized options like emoticons or charset settings. Public exploit code exists for this vulnerability, which affects any application integrating the affected SCEditor versions. A patch is available in version 3.2.1 and later.

XSS Sceditor

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy